Many IT security challenges persist, but there are a handful of areas that, if dramatically improved, would significantly shorten today’s chasm between defender and attacker. One of the challenges cited repeatedly during our interviews is the difficulty organizations have finding the security talent they need. Many enterprises have spent years justifiably with a focus on regulatory compliance. The security industry is disproportionately vested in preventative security defenses with precious little spent on the ability to detect and respond to breaches when they (and they always do) occur.”]
Source: https://www.csoonline.com/article/2134217/5-fixes-to-help-csos-stay-ahead-of-risks.html