A survey published by the International Information System Security Certification Consortium, also known as (ISC)², shows that half of well-performing organizations surveyed have successfully recruited government cybersecurity talent.
The Building a Resilient Cybersecurity Culture survey found that a strong security-focused culture and adherence to best practices help companies attract and retain cybersecurity talent. (ISC)² commissioned the study to better understand how successful organizations are overcoming the shortage of skilled cybersecurity talent in a demand-heavy, competitive recruitment environment.
“The growing cybersecurity workforce gap has received a lot of media attention. What we haven’t heard as much about is how some companies are actually succeeding in building their security teams even in the face of this competition for talent. Our empirical analysis shows the demonstrable effect cybersecurity leaders can achieve by fostering a strong cybersecurity culture,” said (ISC)² Director of Cybersecurity Advocacy for North America John McCumber. “The human factors of information security are most effectively accessed, developed, and employed by organizations with this critical professional leadership. This new report provides a window into how this gap can be leveraged by individuals and organizations alike to dramatically improve the protection and management of critical information assets.”
The data is based on a survey of 250 U.S. cybersecurity professionals with oversight of hiring and managing security departments, who say their organization does an adequate job of ensuring it has enough cybersecurity expertise on staff.
Ninety-seven percent of respondents indicated that their entire executive management team understands the importance of strong security practices and reinforces those messages with staff. When asked which tactics were used to successfully build a strong cyber team, 70 percent said they hire certified security professionals, 70 percent train and promote from within, and 52 percent attribute their success to drafting clear job descriptions.
Eighty-six percent of the companies surveyed said they employ a CISO. Of these, 57 percent of the CISOs report directly to either the CEO or the board of directors, indicating the level of importance associated with the position.
Of the 50 percent that have been able to hire talent from the government sector, 67 percent said salary was the biggest draw, while 60 percent cited the opportunity to work with a strong leadership team, and 59 percent believe the opportunity to work for a mission-based organization helps win over recruits from the public sector.
More than half of the respondents cited a strong risk management policy as the primary reason for confidence in their capabilities to protect their enterprise.