By Insight Editor / 13 Aug 2025 / Topics: Security services, Cybersecurity
For years, we've heard the same story: there's a global shortage of cybersecurity talent. But what if we've been looking at the problem the wrong way? The real issue isn't just about numbers - it's about focus. We don't just have a hiring problem. We have a strategy problem.
To borrow from Peter Drucker, "Management is doing things right; leadership is doing the right things." For too long, the cybersecurity conversation has been focused on doing things right - filling roles, deploying tools, following frameworks. But the real challenge now is doing the right things - setting strategic priorities, embedding security into the business, and leading through uncertainty.
Yes, technical skills are in short supply, but the most pressing gap lies elsewhere: in leadership. Strategic skills like governance, risk management, and long-term planning are missing at the very levels where they matter most. Our latest research reveals that while 76% of organisations acknowledge a skills gap, the real scarcity is at the mid and senior levels. Nearly half (46%) report a shortfall in leadership roles that demand strategic oversight.
This isn’t a pipeline issue. It’s a leadership issue.
The rise of artificial intelligence in cybersecurity isn’t making human experts redundant. Instead, it’s fundamentally changing their role. As AI takes on the heavy lifting of data analysis and threat detection, the focus for human talent must shift from the operational to the strategic. The skills that matter most now are complex problem-solving, creative thinking, and the ability to manage sophisticated human-machine teams.
Technology is a force multiplier, but it’s not a substitute for sound judgement. An AI can detect an anomaly, but it takes a human expert to understand the business context, assess the risk appetite, and make a strategic decision. Organisations that simply plug in technology without investing in the human expertise to manage it are missing the point. They’re automating tasks, not building resilience.
The real challenge is not just finding people who can use the tools, but cultivating leaders who can build a security culture that is proactive, adaptive, and aligned with the broader objectives of the business.
The consequences of this strategic vacuum are becoming clear. Our research shows 85% of organisations are feeling a tangible negative impact from the skills shortage. Two-thirds are patching the gap with short-term fixes. More than half (57%) have delayed or shelved critical security initiatives.
This is a dangerous game. Delaying a security update or patching a system with a temporary fix doesn't just increase vulnerability; it stalls innovation and hinders growth. It turns cybersecurity into a reactive, firefighting function, when it needs to be a proactive, strategic enabler.
To build true resilience, we need a mindset shift. That means ditching the siloed, reactive view of security and embedding it into the DNA of the business. It means prioritising leadership development alongside technical training. And it means choosing partners who offer not just tools, but strategic expertise.
The skills crisis hasn't disappeared - it's evolved. The winners in this new phase will be those who recognise that resilience is built on strategy, not just staffing.
Author
Technology Lead EMEA CISO
Insight