As a consulting firm that works with Information Security (InfoSec) leaders at a variety of organizations, we have seen a disturbing trend evolve in the past year. Many of them are looking for new jobs (at other companies) or considering leaving the profession altogether. In a field that is already short on good talent, why are experienced leaders searching for a new role?
Most are struggling with an increasing lack of support/buy-in from executives. This challenge takes the form of being asked to do more and more with fewer and fewer resources. In many cases, it’s analogous to being set up to fail.
InfoSec stakeholders worry about being accountable for an incident after the fact…especially when they were asking for resources to address known gaps in the security program.
So, what’s driving the lack of support? It’s an interesting question that has many possible answers.
One possible cause is that executives simply aren’t receiving ongoing updates about data breaches and perceive a diminished threat to their environment. Over the past year, media coverage of data breaches has been largely overshadowed by political candidates and the actions of a new president. Beyond the Yahoo breach, things have been relatively quiet in the media.
Another possible cause is that there are fewer breaches occurring. Unfortunately, the statistics say no. In the past two years, the number of reported breaches was fairly consistent, with 4,149 in 2016 versus 3,930 in 2015. The big change was in the number of records exposed, with 736 million (2015) versus 4.2 billion (2016). In fact, 2016 ranks as the year with the highest number of records ever exposed because of a data breach.
Next week Rob will discuss methods to improve communication with top-down support and how to measure project results.