There’s a serious talent shortage impacting the cyber security industry. That’s according to a new report just published by Intel Security in partnership with the Centre for Strategic and International Studies (CSIS). 82% of respondents to the global survey admit to a shortage of cyber security skills across their company, with 71% of respondents citing this shortage as being responsible for direct and measurable damage to organisations whose lack of talent makes them more desirable hacking targets.
The Hacking the Skills Shortage Report highlights that the demand for cyber security professionals is outpacing the supply of qualified workers, with highly technical skills the most in need across all those countries surveyed. Despite a quarter of respondents confirming their organisations had lost proprietary data as a result of this skills gap, there are no signs of this situation abating in the near-term. Respondents estimate an average of 15% of cyber security positions in their company will go unfilled by 2020.
Published by the Business Continuity Institute (BCI), the recent Cyber Resilience Report revealed that two-thirds of organisations have experienced a cyber security incident during the previous year, with 15% experiencing at least ten such episodes. This shows the cyber threat is very real and that organisations must take it seriously. That process starts by making sure resources are available to combat the threat.
Such is the level of the threat at present that cyber attacks and data breaches were identified as the top two concerns of business continuity professionals surveyed for the BCI’s latest Horizon Scan Report, which also identified the availability of talents/key skills as a Top Ten concern.
Analysis of four dimensions
The Hacking the Skills Shortage Report analyses four dimensions that comprise the cyber security talent shortage, which include:
*Cyber security spending: The size and growth of cyber security budgets reveals how countries and companies prioritise cyber security. Unsurprisingly, countries and industry sectors that spend more on cyber security are better placed to deal with the workforce skills shortage
*Education and training: Only 23% of respondents believe education programmes are preparing students to enter the industry. This report reveals non-traditional methods of practical learning, such as hands-on training, gaming and technology exercises and ‘hackathons’ may be a more effective way to acquire and grow cyber security skills. More than half of respondents believe that the cyber security skills shortage is worse than talent deficits in other IT professions, placing an emphasis on continuous education and training opportunities
*Employer dynamics: While salary is unsurprisingly the top motivating factor in recruitment, other incentives are important in recruiting and retaining top talent, such as training, growth opportunities and the reputation of the employer’s IT Department. Almost half of respondents cite lack of training or qualification sponsorship as common reasons for talent departure
*Government policies: More than three-quarters (76%) of respondents say their Governments are not investing enough in building cyber security talent. This shortage has become a prominent political issue as heads of state in the UK, the US, Israel and Australia have called for increased support for the cyber security workforce in the last year
Direct damage to companies
“A shortage of people with cyber security skills results in direct damage to companies, including the loss of proprietary data and IP,” said James Lewis, senior vice-president and director of the Strategic Technologies Program at CSIS. “This is a global problem. A majority of respondents in all countries surveyed could link their workforce shortage with damage to their organisation.”
Chris Young, senior vice-president and general manager of the Intel Security Group, added: “The security sector has talked at length about how to address the storm of hacks and breaches, but Government and the private sector haven’t brought enough urgency to solving the cyber security talent shortage. To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities and deliver deeper automation such that talent is put to its best use on the front line.”