I recently conducted an in-depth interview with an IT Security Leader from the Vanson Bourne CommunITy. She was on her lunch break grabbing a sandwich, talking and walking at the same time. When I asked how she was, she replied “There is quite a lot on my plate right now”. By the end of our conversation, we laughed, and agreed this was a huge understatement. And while we joked, the landscape IT security leaders face today is far from funny, as she went on to tell me about the various challenges she’s facing in her role.
At RSA 2024, Leigh McMullen, VP and Security Analyst at Gartner said that IT security leaders’ roles are increasingly complex and demanding. They are often seen as the saviour in the shadows, protecting their organisation from increasingly sophisticated cyber threats. But is there an acceptance of their extreme workload? Has anyone considered their feelings? With the pool of talent diminishing, we cannot afford to burn out these crucial technology and transformation leaders.
Deploying a dual methodology approach
To find out more, we used a mix of quantitative (an online survey) and qualitative (in-depth interviews) methodologies. Firstly surveying 87 IT security decision makers, we found that:
Sometimes when you read stats like these, you are left wanting more. How do they balance innovation with security? Why is it difficult? How is their role challenging? These questions are too emotive and nuanced for a quantitative survey alone. We wanted to really understand the pressures felt by certain individuals. Therefore, we dove deeper with two in-depth interviews.
Now, let’s explore the key insights…
IT security leaders struggle to keep up with the demand and complexities of their role
- Rising Expectations: Balancing strategic priorities with budget constraints is increasingly challenging
- No Time to Pause: The brakes cannot be put on. IT security leaders must proactively monitor market innovations, evolving technologies, and emerging threats to stay ahead
- High Stress Levels: It’s essential to maintain a calm demeanour and have a trusted team behind you
“…you can’t ever keep ahead of the game. It’s keeping not too far behind the game… just trying to keep up with what’s going on” Head of Information Security, Retail
“You need to have a strong team you can trust, but also when security incidents happen or technology incidents happen, you need to really have a cool head… You need to think in a structured way” CIO, Insurance
“You have to have innovation and an inquisitive approach so that you basically don’t miss any market innovations and technology innovations and stay up to date on the latest developments, but also the latest threats” CIO, Insurance
Security needs hinder innovation
- Security in Innovation: Innovation carries risk, so implementing appropriate security protocols and governance is crucial to mitigate them
- Cultural Shift Needed: Risk management should support, not stifle innovation. More can be done to drive understanding of this throughout the organisation
“I believe that stability and security are the foundational cornerstone of everything we do. And therefore, without stability and security, you cannot really move forward or do any transformation or innovation” CIO, Insurance
“It’s not possible to have a zero risk policy when it comes to information security because the business does want to take a risk in innovation, so it’s a real balance” Head of Information Security, Retail
IT security leaders have mixed feelings about AI. Balancing security risks with benefits is crucial
- Unique challenges: AI increases IT complexity and demands a specialised/technical workforce for management
- Advanced Cyberattacks: Malicious actors use AI for sophisticated cyberattacks, intensifying pressure on IT security leaders
- Board Pressure: Boards push for rapid AI security tools adoption, requiring IT Security Leaders to manage expectations for responsible integration
“Dealing with the hype around AI. The board expects this to be some kind of magical silver bullet to fix all the issues. But they don’t understand how difficult this technology is and how expensive it can be.” Chief Security Officer, Manufacturing
The future requires IT security leaders to upskill their team and optimise AI-enabled technologies
- Increased Pressure: Escalating cyber threats, complex IT environments, and regulatory changes amplify the need for robust security, adding pressure on IT security leaders
- AI Complexity: Balancing AI’s risks and benefits adds further complexity, demanding skilled talent acquisition and retention. Leaders need a reliable, problem-solving team to navigate future challenges effectively
You also need people who understand the wider picture, who understand the integrations, who understand the bigger context of the ecosystems because business models are also changing. And therefore, you need sometimes to have both specialised, as well as a broad skill set with the people” CIO, Insurance
Utilising this dual methodology, detailed further here, gave us hard numbers to showcase the ‘what’ (quantitative) as well as the ‘why’ (qualitative). This approach left no room for, “but why?” questions. Evidence and real-life context supported the stats, creating a comprehensive and compelling narrative. And don’t just take our word for it.
Imagine the insights we would have missed with a single approach. To speak to us about your dual methodology project requirements, get in touch today.