A robust security strategy requires a skilled workforce. Today's IT managers are challenged to defend their networks as a lack of cyber-security talent is leaving them vulnerable to attack.
Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), recently released a report called "Hacking the Skills Shortage."
The report is based on research from tech market research firm Vanson Bourne, which interviewed 775 IT decision-makers involved in cyber-security within their organizations. Respondents represented the US, UK, France, Germany, Australia, Japan, Mexico, and Israel.
The vast majority of participants (82%) reported a lack of cyber-security skills within their organization. One in three say the shortage makes them prime hacking targets; one in four say it has led to reputational damage and the loss of proprietary data via cyberattack.
It's a problem spanning businesses and industries around the world. The global cyber-security workforce will have 1 to 2 million jobs unfilled by 2019. In the US alone, about 209,000 cybersecurity jobs were unfilled in 2015, according to a report cited by the study.
Highly technical skills are in greater demand among employers than "soft skills" like collaboration. For example, businesses have a tough time finding talent for secure software development, intrusion detection, and attack mitigation.
Most respondents report there is not enough being done to address the skills shortage. More than three-quarters (76%) said they believe their government is not investing enough in building cyber-security talent.
The challenge in finding skilled professionals can be partially attributed to a lack of adequate training. About half of the companies in this study said they prefer at least a bachelor's degree in a relevant technical area to enter the cyber-security field.
Unfortunately, this requirement seems superficial, given its usefulness. A degree in this field has more utility in marketing a candidate than in reflecting his or her cyber-security skills, according to the report.
When asked about the best ways to build cyber-security skills, respondents ranked hands-on experience and professional certifications above a degree. Sixty-eight percent reported hacking competitions also proved useful in helping professionals develop these skills.
As they struggle to find talented workers, almost all participants said cyber-security technologies could compensate for the lack of talent. More than half (55%) said they believe that in five years, cyber-security solutions will have advanced to meet their needs.
Respondents also said they plan to address the skill shortage through outsourcing, but primarily for areas that are easily automated. For example, threat detection through network monitoring is a solution likely to be outsourced.
The amount and growth of cyber-security spending is related to how it's prioritized within the organization and the country as a whole. The US government and financial services industry, for example, spend a lot on cyber-security and could serve as examples for others to emulate in recruitment and development.
Worldwide, market reports estimate total spending in the sector ranged from $75 billion to more than $100 billion in 2015. It's anticipated that annual spending will increase between 7.4% and 16% over the next five years, according to the report.
The growth in spending will be necessary as businesses also face greater risk and high cost of external internet cyberattacks. Research indicates many organizations experience at least one cyberattack per month and spend an average of $3.5 million to address them each year.