Almost half of businesses plan to cut cyber security headcount

Almost half (47 percent) of business security decision-makers and practitioners plan to reduce cyber security headcounts in response to budget headwinds, according to new research from observability company Observe. This is despite organizations with plans to reduce headcount suffering more overall monthly security incidents, as well as more incidents resolved by first responders.

The inaugural State of Security Observability 2023 report surveyed 500 professionals – 40 percent of whom were either CISOs or CSOs – to gauge current approaches to cyber security. It found that 60 percent of businesses planning security headcount cuts also intend to reduce security infrastructure spend.

Generally, cyber security talent is in high demand. The global cyber security industry has a workforce shortage of just under four million, despite the workforce growing by almost 10 percent in the last year, according to the latest figures from cyber security membership organization ISC2. The gap between the number of workers needed and the number available has risen 12.6 percent year over year driven by cutbacks, economic uncertainty, artificial intelligence (AI) and a challenging threat landscape, the ISC2 research found.

Some businesses pay over $500,000 for top cyber security talent

In contrast to Observe’s spending cuts-focused findings, research published last month indicated that some organizations are paying more than US $500,000 for “top” cyber security talent in specific roles. The IANS 2023 Security Organization and Compensation Study Benchmark Summary Report suggested that, while security salaries vary considerably across specialties and sectors, the top salary ranges help to attract and retain key cyber security talent.

Businesses should advocate for budget in the top 25 percent compensation ranges to attract and keep key cyber security talent, according to the report.