Smaller Budgets and a Shortage of Skilled Workers Challenge CISOs

Complexity, AI, and Budget Constraints: CISOs Must Focus More on Technology Than Organization

In recent years, CISOs have had to rely more on business management skills to bring cybersecurity onto top management’s agenda. Today, cybersecurity has become a top priority for many companies, shifting the emphasis back to technical expertise.

The role of the CISO is demanding. According to market analysts at Gartner, nearly half of security executives will change jobs by 2025. In fact, they predict that a quarter of them will transition into entirely different roles due to the overwhelming scope of their responsibilities.

Demographic Shifts Worsen the Skills Shortage

The 2024 ISC2 Cybersecurity Workforce Study highlights several major challenges. Twenty-five percent of respondents reported layoffs in their cybersecurity departments—an increase of three percentage points compared to 2023. Additionally, 37% faced budget cuts. These trends exacerbate the already critical shortage of skilled professionals in security teams. In Germany, this issue is further intensified by demographic shifts, as the country is only at the beginning of a wave of retirements.

Solving the skills shortage is further complicated by the dynamic nature of the cybersecurity industry, which has been experiencing consolidation in recent years, while more vendors and startups enter the market. According to Gartner, there are over 3,200 cybersecurity vendors worldwide. This means that despite the growing number of large providers offering integrated platforms instead of standalone products, the market continues to expand each year.

For Germany, Bitkom forecasts that IT security services will surpass the €10 billion mark by 2025. With a growth rate of 13%, Germany is outpacing not only last year’s figures but also the overall European growth rate of 12%. According to the latest IDC market data, spending on cybersecurity solutions has already exceeded €5 billion.

Growing Complexity Due to a Proliferation of Security Solutions

The increasing number of security solutions leads to growing complexity. Managing network visibility, cloud environments, and mobile devices across multiple platforms and products makes it harder to maintain oversight. The sheer number of tools complicates security teams’ efforts to use them efficiently, partly due to the diverse environments they must navigate. The hybrid nature of cloud and on-premises infrastructures, digital transformation, compliance requirements, and heightened geopolitical threats all add to the pressure.

As a result, CISOs must take an increasingly hands-on approach to overseeing their technology stack. They need technical expertise to understand the tools, identify redundancies, and uncover unused capabilities within their existing infrastructure. With shrinking budgets, CISOs must achieve more with fewer resources while facing increasingly sophisticated cyber threats.

AI Should Be Used in SOCs

Generative AI presents a major opportunity in this context. It can facilitate communication with key stakeholders regarding security incidents, the actions taken in response, and their business impact. AI can also streamline reporting processes, making them faster and more accessible, while simplifying technical language for management, boards, regulators, and the public. According to Gartner, AI should play a role in Security Operations Centers (SOCs).

Rather than following the general hype, CISOs must address the fundamental challenges of SOCs. Despite the deployment of up to 40 security tools in a typical enterprise and a flood of alerts, breaches still occur. One reason for this is the sheer number of dashboards competing for attention. SOAR (Security Orchestration, Automation, and Response) technologies have failed to consolidate alerts and automate incident investigations effectively.

One potential solution is the use of hypergraphs, which establish meaningful relationships from a security perspective. They also play a crucial role in ensuring data quality, allowing large language models (LLMs) to transform raw data into actionable insights.

CISOs Must Simplify the Security Stack

2025 will not be an easier year for CISOs. Economic indicators suggest the opposite. The pressure to cut costs while maintaining or improving security is mounting. At the same time, new compliance regulations and laws, such as NIS2, are raising questions about accountability and liability. One way out of this dilemma is to optimize the use of existing tools. By refining their security posture, CISOs can achieve better security outcomes despite budget constraints and external pressures.

Christian Have

CTO at Logpoint