New report finds lack of cyber skills is increasing data security threats
An acute shortage of security analysis, investigation skills, application security skills and cloud computing security skills is inflaming the number of data breaches, according to a recent report titled ‘The Life and Times of Cyber Security Professionals’ by Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG). The report marked the second year in a row the companies partnered to conduct the study, with results revealing a worsening, widespread business problem.
Approximately 70% of the 343 cybersecurity professionals and ISSA respondents said a shortage in cybersecurity skills has had an impact on their organization. Interestingly, 62% of organizations acknowledged they had not provided sufficient training to stay up to pace with business and IT risks, a figure up nearly 10% from the previous study.
Moreover, 45% of respondents reported experiencing more than one security incident within the past two years. An estimated 91% of respondents said the majority of organizations are vulnerable to a significant cyber-attack or data breach. Among the biggest contributors to the security events organizations experienced in the past two years, 31% of respondents cited a lack of adequate training for non-technical employees, 22% cited undersized cybersecurity teams, and 20% cited business and executive management treating cybersecurity as a low priority.
Within the areas with the biggest shortage of cybersecurity skills, 31% of respondents cited a shortage of security analysis and investigation, 31% cited a shortage in application security and 29% cited a lack of cloud computing security. An estimated 38% of respondents said the cybersecurity skills shortage has led to high rates of employee burnout and attrition.
“The cyber-security skills shortage represents an existential threat to our national security and this year-over-year comparison data bears out this fact. We are not making progress, cyber security professionals can’t scale, and the implications of the skills shortage are becoming more pervasive and ominous. It is clear that the solution must be about more than filling jobs. It is about creating an environment from the top down of cyber security as a priority,” said Jon Oltsik, senior principal analyst at ESG and the author of the report.
In order to recruit and retain the best cybersecurity talent, the authors of the report advised organizations to recruit cybersecurity professionals from IT and elsewhere, invest more in training, provide career development advice and services, assess job satisfaction with the cybersecurity departments, anticipate cyber attacks and data breaches, and to take the skills shortage into account as part of every initiative and decision.