Despite increasing security incidents and growing threats of cyber attacks, almost half of organisations that took part in a recent study plan to reduce their security headcount. And, according to PwC, an estimated 20% of organisations will shrink or freeze their security budget for 2024.
Should you be doing the same?
Why are companies reducing cybersecurity headcount?
It’s no secret that the world is going through a difficult economic period, with many companies looking to reduce costs. This is happening across all departments, including cybersecurity. However, unlike in other teams where the workload might remain the same, cybersecurity is seeing an increase. According to Tara Wisniewski, EVP, Advocacy, Global Markets and Member Engagement at ISC2, “the threat landscape is tougher than it’s ever been. We found that 75% of cyber professionals are finding the current threat landscape to be the most challenging it’s been in the past five years.” This means, security teams are having to do even more with less resources.
This has been coupled with a major labour shortage within the industry. As of October 2023, the shortage had risen to a record high of around 4m despite the cybersecurity workforce growing by almost 10% in the last year. This is largely due to the cost-cutting measures companies have taken, but also due to the skills gap between available talent vs the needs of the business. A Cybersecurity Workforce Study from ISC2 showed that an inability to find people with the right skills and a struggle to keep people with in-demand skills are two of the biggest causes for skills gaps.
Should you be reducing your cybersecurity teams?
It’s clear that cybersecurity is an issue that will remain prominent long into the future, as companies continue to rely on digital technology and malicious actors will develop more innovative ways to launch and scale their attacks. And, according to a Gartner survey, 50% of C-suite leaders will have performance requirements related to cybersecurity risk embedded in their contracts by 2026.
As a result, investment in cybersecurity – including highly-skilled staff – is essential. For SMEs that are struggling with tighter budgets it’s worth taking a more prudent approach, avoiding hype-driven products in favour of those that are actually necessary. And for larger companies looking to streamline costs, the focus should be on integrating tools and products for optimal performance.