With most organisations struggling to attract and retain cybersecurity talent, Earl Perkins, Vice President, Analyst at Gartner, explains how they must change their talent development and recruiting practices and then outsource security functions to MSSPs or delegate responsibilities to internal staff.
Security and risk management leaders responsible for information security must evolve their practices and organisational cultures to keep pace with the digital business era.
“Risk management, governance, business continuity and people – the most important asset – are critical elements of a successful risk and security programme,” says Earl Perkins, Vice President, Analyst at Gartner.
“When allocating resources and selecting products and services this year, security and risk management leaders should consider three important strategic planning assumptions.”
By 2022, 40% of Business Continuity Management (BCM) programmes will be integrated into the digital business risk management structure rather than exist as separate practices.
The momentum of Digital Transformation projects within digital business will outpace the ability of organisations to accommodate changes related to security. Concurrently, the growing need to provide 24/7 technology services to support digital business and customer-facing services is changing the way that organisations interact internally and externally. These changes, as well as the constant threat of cyberattacks, will lead organisations to formalise the relationship between BCM and digital information security functions.
“Stakeholders should be urged to accept BCM as part of the organisational structure,” said Perkins. “Managers within the digital business who oversee the delivery of critical activities will need to gain the necessary skills to engage with resilience planning as a business-as-usual function.”
Through 2022, 30% of large enterprises will build a security skills management programme including experimental recruiting and talent development practices.
Cybersecurity risks are increasing despite the efforts of trained security professionals. Organisations continue to struggle with attracting, retaining and developing security talent.
Organisations must change their talent development and recruiting practices to be able to address missing skills. Start by building and developing a list of new competencies and skills required to support digital business initiatives.
Then adapt short-term skills management practices by outsourcing security functions to managed security service providers (MSSPs) and/or delegating responsibilities to other internal staff.
By 2022, 75% of organisations that outsource email and collaboration tools won’t meet their critical recovery objectives during a supplier outage.
Email and collaboration applications are considered mission-critical resources for most organisations. Conducting business without them can impede production, result in lost transactions and hamper crisis management activities. When an organisation outsources these applications, many suppliers do not provide recovery within short timeframes.
“It’s imperative for the organisation to maintain internal control and governance over all applications used in the delivery of products and services,” said Perkins. “It is also crucial to understand your vendor’s recovery commitments and communication protocols for outages to ensure they meet recovery requirements.”
Gartner is holding the Gartner Security & Risk Summit in Dubai on October 28 and 29.