Skip to content
Back to Blog cyber-security-boardroom-meeting
Cyber Security calendar    Nov 01, 2023

51% of CISOs see budget as biggest barrier to strategy execution

Stott and May's Cyber Security in Focus report explores the trends affecting CISOs, providing insights into the questions at the forefront of the industry.

The number of CISOs highlighting budget constraints as their #1 challenge to roadmap execution is up 16% YoY. A lack of internal skills remains the top challenge for 34% of security leaders, as sourcing talent remains a significant problem for 66% of all survey respondents.

Today’s security leader faces a range of barriers to strategy execution; tackling the internal skills gap, achieving the right level of executive support from the business, building a security culture, making sound technology investment decisions, and more. But the state of the economy is starting to drive a new narrative for CISOs, with many being asked to do more with less.

This year’s Cyber Security in Focus research conducted by global cyber security recruitment specialists Stott and May reveals that CISOs see budget as the biggest barrier to strategy execution in 2023, overtaking internal skills for the first time. 51% of security leaders highlighted budget as their primary inhibitor to delivering on strategy, with internal skills (34%), board-level buy-in (11%), and technology (3%) also being cited as issues by the global sample of CISOs.

Share this Image On Your Site

Notable findings from the 2023 Cyber Security in Focus Report include:

  • Filling cyber security vacancies continues to be a pain point for security leaders. 66% are facing challenges in sourcing talent for their business. 69% of security vacancies are left unfilled after 8 weeks.
  • CISOs report that salary expectations across the industry continue to increase. 47% believe that salary levels have increased by more than 11% year-on-year. A further 31% see wage inflation sitting between 6 and 10%.
  • Strategic investment continues in security but with little room for experimentation. 44% report their budgets will stay the same or decrease. Only 53% believe security investment is keeping pace with digital business. The top three priority investment areas for CISOs in 2023 are cloud security (25%), IAM (20%), and security and vulnerability management (18%).
  • The focus turns towards translating security risk to align to the business strategy. 55% of security leaders believe that their company sees cyber security as a strategic priority, while 60% agree their business feels that the security function improves the overall value proposition to customers.

Cyber Security in Focus is an annual research report that explores the perceptions of a high-quality sample of 60 CISOs and security leaders on critical themes such as; the skills shortage, barriers to strategy execution, the perception of cyber security functions, and future technology investment. The sampled respondents were sourced from Stott and May’s professional network across EMEA and North America. In addition to primary quantitative research and findings, this report also features qualitative interviews with leading industry professionals in the cyber security space.

In the paper, Haris Pylarinos, Founder & CEO of Hack The Box, shared his thoughts on the top challenges CISOs face when building a high-performing security function. “It’s the ability to stay outward looking and ensure that internal skills stay up to date. You can hire the best security professionals out there with field experience, but the problem is that this knowledge can degrade over time because cyber security is evolving at such a rapid pace.” In addition, Chris Castaldo, CISO at Crossbeam, outlined his thoughts on the main barriers that CISOs come across when executing their cyber security roadmaps. “Not understanding the business. That’s the main barrier. Everyone that I talk to that’s trying to implement some new tool or a new process or policy and meets resistance typically hasn’t spent enough time trying to understand what those stakeholders really care about and tailoring that message to them.”

To access the full report, including Stott and May’s latest salary benchmarking for key security roles, download here.

Find out more about our cyber security recruitment team.


About Stott and May

Founded in 2009, Stott and May are a professional search firm with a passion for helping leaders achieve complete confidence that they have hired the right talent first time in fiercely competitive markets. We believe you should never have to make the choice between quality of candidate and time-to-hire. As a result, our business has been founded on the principle of offering a premier standard of search service delivered in vastly accelerated timescales. Because, after all, this is about more than just recruitment; it’s about turning your business vision into reality.

For more information, contact:
David Struth
Head of Marketing, Stott and May 

Head of Marketing


Subscribe to our newsletter

Get the latest hiring insights direct to your inbox.

Latest Articles

3 top tips to attract the best cloud security talent

3 top tips to attract the best cloud security talent

This article comes from an engaging session at UK Cyber Week, where our Head of Cyber Recruitment led a fantastic talk on Securing the clou...

Talking GTM Talent: How to Screen for the Top 10% of Enterprise Account Execs

Talking GTM Talent: How to Screen for the Top 10% of Enterprise Account Execs

Wondering how to spot the high-performing Enterprise Account Execs from the crowd? Learn how to separate the best from the rest in our on-d...

Hiring a top 10% VP of Marketing who actually fits your business

Hiring a top 10% VP of Marketing who actually fits your business

Every business is unique. So, how do you hire the right VP of Marketing for yours?