Cyber-Security Skills Shortage Leaves Companies Vulnerable - InformationWeek
IoT
IoT
IT Leadership // Security & Risk Strategy
News
8/1/2016
02:36 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%
RELATED EVENTS
Threat Intelligence Overload?
Aug 23, 2017
A wide range of threat intelligence feeds and services have cropped up keep IT organizations up to ...Read More>>

Cyber-Security Skills Shortage Leaves Companies Vulnerable

A lack of valued cyber-security skills has left businesses open to attacks resulting in reputation damage and data loss, research shows.

10 Hiring Challenges Confronting CIOs
10 Hiring Challenges Confronting CIOs
(Click image for larger view and slideshow.)

A robust security strategy requires a skilled workforce. Today's IT managers are challenged to defend their networks as a lack of cyber-security talent is leaving them vulnerable to attack.

Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), recently released a report called "Hacking the Skills Shortage."

The report is based on research from tech market research firm Vanson Bourne, which interviewed 775 IT decision-makers involved in cyber-security within their organizations. Respondents represented the US, UK, France, Germany, Australia, Japan, Mexico, and Israel.

[Read: 9 Promising Cloud Security Startups to Watch]

The vast majority of participants (82%) reported a lack of cyber-security skills within their organization. One in three say the shortage makes them prime hacking targets; one in four say it has led to reputational damage and the loss of proprietary data via cyberattack.

It's a problem spanning businesses and industries around the world. The global cyber-security workforce will have 1 to 2 million jobs unfilled by 2019. In the US alone, about 209,000 cybersecurity jobs were unfilled in 2015, according to a report cited by the study.

Highly technical skills are in greater demand among employers than "soft skills" like collaboration. For example, businesses have a tough time finding talent for secure software development, intrusion detection, and attack mitigation.

Most respondents report there is not enough being done to address the skills shortage. More than three-quarters (76%) said they believe their government is not investing enough in building cyber-security talent.

The challenge in finding skilled professionals can be partially attributed to a lack of adequate training. About half of the companies in this study said they prefer at least a bachelor's degree in a relevant technical area to enter the cyber-security field.

Unfortunately, this requirement seems superficial, given its usefulness. A degree in this field has more utility in marketing a candidate than in reflecting his or her cyber-security skills, according to the report.

When asked about the best ways to build cyber-security skills, respondents ranked hands-on experience and professional certifications above a degree. Sixty-eight percent reported hacking competitions also proved useful in helping professionals develop these skills.

(Image: 4x6/iStockphoto)

(Image: 4x6/iStockphoto)

As they struggle to find talented workers, almost all participants said cyber-security technologies could compensate for the lack of talent. More than half (55%) said they believe that in five years, cyber-security solutions will have advanced to meet their needs.

Respondents also said they plan to address the skill shortage through outsourcing, but primarily for areas that are easily automated. For example, threat detection through network monitoring is a solution likely to be outsourced.

The amount and growth of cyber-security spending is related to how it's prioritized within the organization and the country as a whole. The US government and financial services industry, for example, spend a lot on cyber-security and could serve as examples for others to emulate in recruitment and development.

Worldwide, market reports estimate total spending in the sector ranged from $75 billion to more than $100 billion in 2015. It's anticipated that annual spending will increase between 7.4% and 16% over the next five years, according to the report.

The growth in spending will be necessary as businesses also face greater risk and high cost of external internet cyberattacks. Research indicates many organizations experience at least one cyberattack per month and spend an average of $3.5 million to address them each year.

Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance & Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
mbp47252dr
50%
50%
mbp47252dr,
User Rank: Apprentice
8/4/2016 | 12:44:51 PM
Cyber-Security Skills Shortage Leaves Companies Vulnerable
    If I may, I'd like to point out that one of the unfortunate roadblocks for newly Cyber and Digital Forensics-educated individuals is the high percentage of positions which require that applicants have pre-existing security clearances. This scenario is akin to the age-old conundrum of being unable to obtain employment due to lack of experience...with the inexperienced individual lamenting they cannot gain experience without having a job. If fewer positions required a pre-existing security clearance and/or there were methods in place which allowed for expedited processing and procurement of said clearances, the shortage of the aforementioned positions could be alleviated.
PJVD
100%
0%
PJVD,
User Rank: Apprentice
8/4/2016 | 10:30:47 AM
Cyber-Security Skills Shortage
Being a retired "Bell-head" (Bell System), it sounds like we need to backup a bit to get better at security. In the Old days secure communications was paramount. We couldn't even route a secure circuit over radio based technology. It had to be guananteed 100% terrestrial. That need for security surfaced in everything we engineered throughout my career. That is until the arrival of the Internet and systems for entertainment became prime. 

I do know that security is possible in every design began at layer 1 as the first priority. Once that is done the rest falls into place.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll