In addition to recruiting, retention is also important. A 2023 report by Gartner estimated that by 2025, almost half of cyber leaders would have moved into new jobs, while 25% would have transitioned into completely different roles because of work stressors.46 Burnout poses a significant retention challenge, given the unpredictability and relentless demands of the role. Research from Proofpoint shows that 66% of CISOs believe that organizations place excessive expectations on them, with more than half having experienced or witnessed burnout in the previous 12 months.47 The cybersecurity sector must prioritize the well-being of its workforce, incorporating considerations of human impact into its decision-making processes to avoid burnout and help talent retention. Closing the cybersecurity skills gap is essential for safeguarding enterprises and addressing global workforce shortages. Programmes like Cyber Girls, Africa’s biggest female-focused cybersecurity training programme, not only equip women with critical cybersecurity expertise but also empower them to enhance their own well-being and economic prospects. Investing in such programmes is a vital step towards building a more secure and inclusive digital future. Confidence Staveley, Founder, CyberSafe FoundationTechnology is pervasive in all of our lives, and in the era of AI, the threat surface is expanding rapidly and creating even more need for advanced cybersecurity. It’s critical we help close the growing cyber skills gap with a focus on training, reskilling, recruiting and retaining cybersecurity talent. The technology sector has an important role to play, and Cisco is proud of our longstanding skill-to- jobs programme, Cisco Networking Academy, which works to close this gap. Chuck Robbins, Chair and Chief Executive Officer, Cisco The evolution of the CISO role BOX 3 In light of the growing complexity in cyberspace and the proliferation of regulations demanding the board’s attention to cyber risks, organizational leadership is increasingly looking to the CISO to understand the cyber risks facing the organization. A poll of CISOs at the 2024 Annual Meeting on Cybersecurity revealed that 60% discuss the cybersecurity posture of the organization three to four times every year with the board. This requires CISOs not only to grasp the technical details of security but also to translate technical risk into business impact, articulating cyber risks in terms of financial loss, regulatory impact and customer trust and providing the board and C-suite with clear insights into how cybersecurity investments safeguard the business’s bottom line and long-term viability. Effective CISOs frame cyberthreats as business risks rather than purely technical challenges. By contextualizing cyber incidents in terms of business continuity, reputation and financial impact, they enable CEOs and boards to view cybersecurity as part of the broader risk landscape. For instance, certain CISOs now quantify cyber risk by its effects on market share, brand trust, safety and regulatory compliance, showing how cyber incidents can ripple throughout an organization, affecting shareholder value, market share, competitive positioning for mergers and acquisitions and customer trust. This approach is driving CEOs to advocate for a cyber-resilience strategy that not only addresses immediate threats but also supports long-term business stability. Considering the importance of the CISO role, there is an increasing amount of focus on its reporting line within the organization, because this is an indicator of the influence the position wields in helping determine overall business strategy. Nearly 24% of CISOs polled at the Annual Meeting on Cybersecurity had a direct reporting line to the CEO, which confirms the growing importance of this role. Global Cybersecurity Outlook 2025 38