Cyber-Security Skills Shortage Leaves Companies Vulnerable - InformationWeek
IoT
IoT
IT Leadership // Security & Risk Strategy
News
8/1/2016
02:36 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Cyber-Security Skills Shortage Leaves Companies Vulnerable

A lack of valued cyber-security skills has left businesses open to attacks resulting in reputation damage and data loss, research shows.

10 Hiring Challenges Confronting CIOs
10 Hiring Challenges Confronting CIOs
(Click image for larger view and slideshow.)

A robust security strategy requires a skilled workforce. Today's IT managers are challenged to defend their networks as a lack of cyber-security talent is leaving them vulnerable to attack.

Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), recently released a report called "Hacking the Skills Shortage."

The report is based on research from tech market research firm Vanson Bourne, which interviewed 775 IT decision-makers involved in cyber-security within their organizations. Respondents represented the US, UK, France, Germany, Australia, Japan, Mexico, and Israel.

[Read: 9 Promising Cloud Security Startups to Watch]

The vast majority of participants (82%) reported a lack of cyber-security skills within their organization. One in three say the shortage makes them prime hacking targets; one in four say it has led to reputational damage and the loss of proprietary data via cyberattack.

It's a problem spanning businesses and industries around the world. The global cyber-security workforce will have 1 to 2 million jobs unfilled by 2019. In the US alone, about 209,000 cybersecurity jobs were unfilled in 2015, according to a report cited by the study.

Highly technical skills are in greater demand among employers than "soft skills" like collaboration. For example, businesses have a tough time finding talent for secure software development, intrusion detection, and attack mitigation.

Most respondents report there is not enough being done to address the skills shortage. More than three-quarters (76%) said they believe their government is not investing enough in building cyber-security talent.

The challenge in finding skilled professionals can be partially attributed to a lack of adequate training. About half of the companies in this study said they prefer at least a bachelor's degree in a relevant technical area to enter the cyber-security field.

Unfortunately, this requirement seems superficial, given its usefulness. A degree in this field has more utility in marketing a candidate than in reflecting his or her cyber-security skills, according to the report.

When asked about the best ways to build cyber-security skills, respondents ranked hands-on experience and professional certifications above a degree. Sixty-eight percent reported hacking competitions also proved useful in helping professionals develop these skills.

(Image: 4x6/iStockphoto)

(Image: 4x6/iStockphoto)

As they struggle to find talented workers, almost all participants said cyber-security technologies could compensate for the lack of talent. More than half (55%) said they believe that in five years, cyber-security solutions will have advanced to meet their needs.

Respondents also said they plan to address the skill shortage through outsourcing, but primarily for areas that are easily automated. For example, threat detection through network monitoring is a solution likely to be outsourced.

The amount and growth of cyber-security spending is related to how it's prioritized within the organization and the country as a whole. The US government and financial services industry, for example, spend a lot on cyber-security and could serve as examples for others to emulate in recruitment and development.

Worldwide, market reports estimate total spending in the sector ranged from $75 billion to more than $100 billion in 2015. It's anticipated that annual spending will increase between 7.4% and 16% over the next five years, according to the report.

The growth in spending will be necessary as businesses also face greater risk and high cost of external internet cyberattacks. Research indicates many organizations experience at least one cyberattack per month and spend an average of $3.5 million to address them each year.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
mbp47252dr
50%
50%
mbp47252dr,
User Rank: Apprentice
8/4/2016 | 12:44:51 PM
Cyber-Security Skills Shortage Leaves Companies Vulnerable
    If I may, I'd like to point out that one of the unfortunate roadblocks for newly Cyber and Digital Forensics-educated individuals is the high percentage of positions which require that applicants have pre-existing security clearances. This scenario is akin to the age-old conundrum of being unable to obtain employment due to lack of experience...with the inexperienced individual lamenting they cannot gain experience without having a job. If fewer positions required a pre-existing security clearance and/or there were methods in place which allowed for expedited processing and procurement of said clearances, the shortage of the aforementioned positions could be alleviated.
PJVD
100%
0%
PJVD,
User Rank: Apprentice
8/4/2016 | 10:30:47 AM
Cyber-Security Skills Shortage
Being a retired "Bell-head" (Bell System), it sounds like we need to backup a bit to get better at security. In the Old days secure communications was paramount. We couldn't even route a secure circuit over radio based technology. It had to be guananteed 100% terrestrial. That need for security surfaced in everything we engineered throughout my career. That is until the arrival of the Internet and systems for entertainment became prime. 

I do know that security is possible in every design began at layer 1 as the first priority. Once that is done the rest falls into place.
Commentary
Tech Vendors to Watch in 2019
Susan Fogarty, Editor in Chief,  11/13/2018
Commentary
Getting DevOps Wrong: Top 5 Mistakes Organizations Make
Bill Kleyman, Writer/Blogger/Speaker,  11/2/2018
Commentary
AI & Machine Learning: An Enterprise Guide
James M. Connolly, Executive Managing Editor, InformationWeekEditor in Chief,  9/27/2018
Register for InformationWeek Newsletters
Video
Current Issue
The Next Generation of IT Support
The workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll