Scale Ventures highlights widening resource gaps and funding challenges in cybersecurity

A new report out today from venture capital firm Scale Venture Partners details the challenges faced by chief information security officers and other senior security staff, ranging from security risks to funding problems, with some interesting takeaways on how resources are not keeping up with increasing cybersecurity demands.

The Scale Ventures Cybersecurity Perspectives 2024 report found that resource gaps are widening, with an estimated global shortage of 4 million cybersecurity professionals. Three-quarters of security leaders polled said they planned to hire more staff in the coming year, but 57% said that they struggle to find qualified candidates.

The security roles that were found to be hardest to fill included cloud infrastructure at 60%, followed by application security at 59% and artificial intelligence and machine learning security at 58%.

Keeping existing staff is also highlighted as a challenge, with more than half of security leaders believing that their teams are unsatisfied with their jobs, salaries and work culture. A little over half of CISOs said they were concerned about burnout and extreme workloads leading to staff turnover.

Increasing salary ranges is seen as the most effective strategy to address the skills gap, yet the report found that only 21% of firms plan to do so. Other strategies to increase staff include moving non-cyber staff into security roles and partnering with training organizations.

The lack of flexibility to increase salaries comes back to budget constraints. The report found that midsized security budgets have declined by 1% so far this year — not surprising given growth rates of 5% in 2022 and 51% in 2023. Large enterprise security budgets have grown by 16%, but the rate was down from previous years.

The malaise in funding is not exclusive to companies seeking to protect themselves against cybersecurity threats. Startups also struggling to raise additional funding.

Scale Ventures found that globally, cybersecurity funding fell by 46% in 2023, dropping from $24.6 billion in 2021 to $9.96 billion last year. The decline was across all stages of funding, with late-stage deals, Series C and D, experiencing the steepest drop.

The number of funding deals with cybersecurity companies also fell by 14% year-over-year last year, with 693 deals in 2023 versus 919 deals in 2022. Angel and seed deals fell by 34% and early-stage deals decreased by 23%.

Despite the overall drop in funding, the one positive standout in 2023 was exit value, which increased by 52% to $4.4 billion. The growth was the result of some high-profile large deals, whereas the total number of exits in cybersecurity last year was down.

Across cybersecurity startups, application security startups received the most funding, security operations and identity access management saw growth in angel and seed funding, and data security experienced the steepest decline.

The report also notes that AI is considered the most promising emerging innovation for cybersecurity. CISOs and security leaders said they’re hopeful about its potential to improve threat detection and response, streamline risk evaluation, and enhance efficiency and accuracy.

Image: ChatGPT 4o