Nearly half (47 percent) of business security decision-makers and practitioners are planning to reduce cybersecurity headcount in response to budget constraints, according to new research from observability company Observability. This is despite organizations planning to reduce headcount experiencing more overall monthly security incidents, as well as having more incidents resolved by first responders.
The inaugural State of Security Observability 2023 report surveyed 500 professionals – 40 percent of whom were either CISOs or CSOs – to assess the current approach to cybersecurity. It found that 60 percent of businesses planning to cut security headcount also intend to reduce security infrastructure spending.
Generally, cybersecurity talent is in high demand. Despite a nearly 10 percent increase in the workforce last year, the global cybersecurity industry has a workforce shortfall of just under four million, according to the latest data from cybersecurity membership organization ISC2. ISC2 research found that the gap between the number of workers needed and those available has increased by 12.6 percent year on year due to cutbacks, economic uncertainty, artificial intelligence (AI) and the challenging threat landscape.
Some businesses pay more than $500,000 for top cybersecurity talent
In contrast to Observe’s cost-cutting-focused findings, research published last month indicates that some organizations are paying more than US$500,000 for “top” cybersecurity talent in specific roles. The IANS 2023 Security Organization and Compensation Study Benchmark Summary report suggested that, while security pay varies significantly across specialties and sectors, the top salary ranges help attract and retain key cybersecurity talent.
Businesses should advocate for budgets in the top 25 percent compensation range to attract and retain key cybersecurity talent, according to the report.
