Mark Samuels, Harvey Nash looks at the skills or capability gap in relation to cyber threat.

Cybersecurity is always near the top of the CIO priority list. More than a third (36 per cent) of IT leaders say information security is their top concern for 2017, according to research by The Society for Information Management.

The constant threat of attack and the potential cost of exposure means businesses continue to increase their investment in information security. The unpredictability of digital business means 45 per cent of CIOs are investing more in security measures this year, reports recruiter Harvey Nash and consultant KPMG.

The broad scale of the cybersecurity threat - from organised global hacking efforts to internal fraud concerns - is such that defence remains a constant battle. CIOs could, in theory, dedicate all their time and resources to cybersecurity, and still find that their company and its data is left exposed.

Just under a third of CIOs say their firm has suffered a major security incident during the past two years, report Harvey Nash and KPMG. The research also suggests confidence in cyber security is at an all-time low. Just one in five respondents feel that they are very well prepared to respond to cyber-attacks. Worse still, a third of CIOs believe their business suffers from a security skills shortage.

This capability gap could have a significant impact on your ability to respond proactively to cybersecurity threats. While an investment in tools and services can help track and trace errant activity, it is highly-skilled people who ensure your security policies are appropriate and adhered to.

Rather than attempting to create a defendable perimeter, your business must create a proactive approach to information security. The ever-evolving nature of the cybersecurity threat means your business must be able to react flexibly and swiftly. Access to a great, trained security staff can make all the difference.

Your business must ensure its IT professionals have a strong foundation, including principles and data protection concerns, from which to safeguard the company’s most valuable data assets. Extend this knowledge to practitioner level through the boosting of capability in key areas, such as risk management, business continuity and data protection.

Remember that just as the cyber-threat evolves, so does the regulatory environment. The implementation of the General Data Protection Regulation next month will impact how organisations and employees collect, store and process information. With severe financial penalties for firms that fail, the requirement for your business to boost security capability is higher than ever.

Look for a learning and development partner that can help upskill your staff in a proactive manner. The confluence of the ever-evolving cyber-threat, the ever-increasing amount of data and the fast-changing regulatory environment means security will remain at the top of the CIO agenda. Focus on training and developing your staff now to give your business a competitive edge.