Cyber Security | Feb 01, 2022

87% of security leaders believe there is a shortage of skills in their company

An insight into Stott and May's Cyber Security in Focus 2022 research which explores the skills shortage & barriers to strategy execution from a leader's perspective.

Access to internal skills remains the number one barrier to strategy execution for security leaders, survey results reveal. 

LONDON, January 25, 2022 - Against a backdrop of dramatic acceleration towards digital transformation and the heightened importance of cyber security to a company’s value proposition, security leaders are facing significant challenges in acquiring the appropriate skills to execute against their strategic objectives.

According to a recent survey conducted by global cyber security recruitment firm Stott and May, in partnership with Forgepoint Capital, the most active, sector-focused multistage venture investor in cyber security, internal skills continue to represent the single most significant barrier to strategy execution for 43% of cyber security leaders. Other key hurdles included budget (35%), technology (13%), and board-level buy-in (9%).

The research, entitled ‘Cyber Security in Focus’, provides insight into the thoughts and core priorities of a snapshot cohort of 55 security leaders and examines critical themes including the skills shortage, inhibitors to strategy execution, and the business perception of cyber security functions. Respondents were sourced from Stott and May’s professional network across EMEA and North America. The roles surveyed included Cyber Security Directors, Security Operations Directors, and VPs of Product Security, with 36% of the sample originating directly from the CISO community. In conjunction with the primary quantitative research, qualitative interviews were also conducted with leading thinkers in the cyber security space.

Highlights from the survey include:

  • Security leaders continue to experience challenges sourcing experienced talent, with 73% highlighting it as an area of concern. Time-to-hire also remains a potent issue. 35% pointed to positions being left unfilled after a 12-week period.
  • Further evolution surrounding the working pattern of security professionals looks likely, with 73% of security leaders favouring a hybrid approach and an additional 22% going fully remote.
  • The significance of cyber security is becoming even more broadly recognized internally, as 80% of security leaders believe their business perceives the function as a ‘strategic priority’ – up from 54% last year.
  • 100% of the sample of cyber security leaders now either agree (38%) or strongly agree (62%) that their business feels the function plays a role in improving the overall value proposition to customers.
  • Concern is growing among 51% of respondents that cyber security investment is not keeping pace with the drive towards digital business.
  • 54% of hiring managers believe that salaries have increased more than 11% YoY, further highlighting the demand for talent.

The challenges posed by digital transformation and the sheer pace of agile software development are also culminating in the emergence of a new type of CISO: the engineering-centric CISO. According to William Lin, Managing Director at Forgepoint Capital, “A lot of digital transformation is inherently going to be driven by engineering, and finding a CISO that can empower developers with knowledge, tooling, and experience will enable outcomes to be achieved faster and more securely.”

Shifting security into the product development lifecycle remains a front-of-mind challenge for CISOs. James Dolph, CISO at Guidewire Software, stated: “I live by the mantra that secure and done is done, insecure and done is not done. It really is as simple as that. Embedding that into the company culture is vital because security is not and cannot be viewed as an add-on – it is not optional and should be part of the company’s value proposition.”

To access the full report, which also includes Stott and May’s latest salary benchmarking for key security roles, download here.

Find out more about our cyber security recruitment team.



About Stott and May 

Founded in 2009, Stott and May is a professional search firm with a passion for helping leaders achieve complete confidence that they have hired the right talent, first time, in fiercely competitive markets. We believe you should never have to make the choice between quality of candidate and time-to-hire.

As a result, our business has been founded on the principle of offering a premier standard of search service, delivered in vastly accelerated timescales that our competition simply cannot match. Because after all, this is about more than just recruitment; it’s about turning your business vision into reality.

