Why Hiring More People Won’t Solve Your Cybersecurity Problem – SMBtech
Why Hiring More People Won’t Solve Your Cybersecurity Problem – SMBtech
https://smbtech.au/thought-leadership/why-hiring-more-people-wont-solve-your-cybersecurity-problem/
Publish Date: 2026-06-15 05:22:00
Source Domain: smbtech.au
Using an unordered list, summarize the following article with between 4 and 8 key points. For years, the conversation around cybersecurity resourcing has centred on the same diagnosis: organisations don’t have enough skilled people, nor enough time, budget or training resources to close the gap quickly. But new global research suggests the picture is more complicated than that.Businesses aren’t necessarily failing at cybersecurity because they lack talented or knowledgeable people. In many cases, the operational demands of modern security have simply grown beyond what any internal team can realistically sustain on its own. That should prompt a different kind of conversation, one that looks beyond recruitment and asks whether the security model itself is fit for purpose.Awareness isn’t the problemWatchGuard’s latest research, surveying nearly 1,000 IT and cybersecurity leaders across 20 countries, found that ninety-one per cent of organisations are concerned about AI-driven cyberattacks, and three quarters experienced at least one cyber incident in the past year. These are not organisations that are unaware of the risks or complacent about the threat landscape.Where things become more difficult is in execution. Fifty-four per cent of companies surveyed say they lack the ability to deliver continuous 24/7 monitoring and response, while 67 per cent need additional support to meet growing compliance demands. For many internal teams, the volume and pace of modern threats have made continuous security coverage genuinely difficult to maintain, regardless of the talent available.The challenge is not simply a shortage of cybersecurity awareness or intent. It is the growing gap between what organisations know they need to do and what they can practically deliver every hour of every day.AI is changing the operating modelArtificial intelligence has shifted the equation on both sides. Attacks are becoming faster and harder to detect while the requirements for effective monitoring and response have risen alongside them. Even organisations with strong internal teams are finding that the speed and volume of threats can quickly outpace traditional operating models.This is showing up in how business leaders are thinking about investment. Forty-four per cent say they are willing to pay more for AI-powered detection and response. This statistic reflects how few organisations feel equipped to develop and maintain these capabilities on their own.AI does not remove the need for skilled people. If anything, it makes expertise more important. But it also changes where that expertise needs to sit and how it needs to be applied. Security teams increasingly need support that combines human judgement, automation, continuous monitoring and rapid response at a scale that is hard to replicate internally.The role of security partners is evolvingNearly half of organisations already rely on managed service providers to supplement their internal teams, and the nature of those relationships appears to be evolving. Many now describe their cybersecurity provider as a strategic advisor or proactive partner rather than a vendor they engage only when something goes wrong.Continuous monitoring, faster incident response and clearer visibility for leadership have all become central to how organisations evaluate their providers. This points to a market where expectations of security partnerships have moved well beyond traditional outsourced services. Organisations are looking for partners that can help them interpret risk, prioritise action and maintain resilience over time.The questions worth exploringFor organisations thinking through their current security coverage, the research suggests it may be worth shifting the focus of provider conversations away from toolsets and pricing toward how security actually gets delivered on a day-to-day basis.How does a provider handle detection in practice? What does compliance support look like beyond periodic reporting? How do they keep leadership informed in a way that supports good decision-making? These kinds of questions tend to reveal whether a provider relationship is likely to be genuinely useful over time.Looking aheadCybersecurity budgets are growing, with 75 per cent of organisations expecting spending to increase over the next two years. Much of that growth appears to be flowing toward services that deliver continuous protection rather than one-off investments in tools or headcount. Organisations are not abandoning internal capability. They are recognising that internal teams need the right external support to remain effective.The broader question many are starting to ask is whether their current security model is well suited to the environment they’re actually operating in. That’s a reasonable question to revisit periodically, and for many organisations the answer is shaping genuinely interesting conversations about what the right model looks like going forward.Cybersecurity will always depend on people. But in the current threat environment, resilience is less about simply adding more people and more about designing a model that helps those people succeed.Anthony Daniel is MD for ANZ & Pacific Islands at WatchGuard.Last Updated on June 15, 2026 by Anthony Daniel
