We've heard a lot in the last couple of years about the skills shortage, and the associated challenges with recruiting skilled staff in cybersecurity. It's often said that security is founded on the triad of people, process and technology, and while technology is the enabler, without the skilled individuals who can configure it to deliver the appropriate results, and/or interpret what it is telling them, the triad is going to fall over.

Interesting too that this concern scored higher with CISO's than the actual outcome of that lack of staff - i.e. a successful cyberattack. Perhaps by investing more in the people element of security, the triad can be strengthened, and the technology investments can provide a more robust return.