Skills Gap Emerges as Top CISO Concern in New SANS Survey
What Happened – A 2026 SANS/GIAC survey of 947 global CISOs found that 60% now cite “not having the right staff” as their primary worry, overtaking concerns about raw headcount. The shift reflects growing anxiety over AI‑driven threats, quantum‑computing risks, and the difficulty of measuring the capabilities of existing teams.
Why It Matters for TPRM –
- Skills deficiencies can weaken a vendor’s ability to protect shared data and respond to incidents.
- Inadequate expertise can lead to misconfigurations, delayed patching, and weak security governance across the supply chain.
- Budget constraints that limit training amplify third‑party risk exposure.
Who Is Affected – All industries that rely on external security services, SaaS providers, MSPs, and any organization that outsources security functions.
Recommended Actions –
- Review third‑party security program maturity and verify documented skill‑assessment processes.
- Require vendors to provide evidence of ongoing training aligned with recognized workforce frameworks (e.g., the NICE Workforce Framework for Cybersecurity, NIST SP 800‑181).
- Incorporate skill‑gap metrics into vendor risk questionnaires and continuous monitoring.
Technical Notes – The issue is a workforce‑capacity challenge, not a technical vulnerability: no CVEs, data exfiltration, or attack vectors are involved. The survey highlights the need for structured talent‑management platforms and standardized skill frameworks so that team capability can be measured rather than assumed. Source: DataBreachToday