Cyber-Security Skills Shortage Leaves Companies Vulnerable - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership // Security & Risk Strategy
News
8/1/2016
02:36 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Cyber-Security Skills Shortage Leaves Companies Vulnerable

A lack of valued cyber-security skills has left businesses open to attacks resulting in reputation damage and data loss, research shows.

10 Hiring Challenges Confronting CIOs
10 Hiring Challenges Confronting CIOs
(Click image for larger view and slideshow.)

A robust security strategy requires a skilled workforce. Today's IT managers are challenged to defend their networks as a lack of cyber-security talent is leaving them vulnerable to attack.

Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), recently released a report called "Hacking the Skills Shortage."

The report is based on research from tech market research firm Vanson Bourne, which interviewed 775 IT decision-makers involved in cyber-security within their organizations. Respondents represented the US, UK, France, Germany, Australia, Japan, Mexico, and Israel.

[Read: 9 Promising Cloud Security Startups to Watch]

The vast majority of participants (82%) reported a lack of cyber-security skills within their organization. One in three say the shortage makes them prime hacking targets; one in four say it has led to reputational damage and the loss of proprietary data via cyberattack.

It's a problem spanning businesses and industries around the world. The global cyber-security workforce will have 1 to 2 million jobs unfilled by 2019. In the US alone, about 209,000 cybersecurity jobs were unfilled in 2015, according to a report cited by the study.

Highly technical skills are in greater demand among employers than "soft skills" like collaboration. For example, businesses have a tough time finding talent for secure software development, intrusion detection, and attack mitigation.

Most respondents report there is not enough being done to address the skills shortage. More than three-quarters (76%) said they believe their government is not investing enough in building cyber-security talent.

The challenge in finding skilled professionals can be partially attributed to a lack of adequate training. About half of the companies in this study said they prefer at least a bachelor's degree in a relevant technical area to enter the cyber-security field.

Unfortunately, this requirement seems superficial, given its usefulness. A degree in this field has more utility in marketing a candidate than in reflecting his or her cyber-security skills, according to the report.

When asked about the best ways to build cyber-security skills, respondents ranked hands-on experience and professional certifications above a degree. Sixty-eight percent reported hacking competitions also proved useful in helping professionals develop these skills.

(Image: 4x6/iStockphoto)

(Image: 4x6/iStockphoto)

As they struggle to find talented workers, almost all participants said cyber-security technologies could compensate for the lack of talent. More than half (55%) said they believe that in five years, cyber-security solutions will have advanced to meet their needs.

Respondents also said they plan to address the skill shortage through outsourcing, but primarily for areas that are easily automated. For example, threat detection through network monitoring is a solution likely to be outsourced.

The amount and growth of cyber-security spending is related to how it's prioritized within the organization and the country as a whole. The US government and financial services industry, for example, spend a lot on cyber-security and could serve as examples for others to emulate in recruitment and development.

Worldwide, market reports estimate total spending in the sector ranged from $75 billion to more than $100 billion in 2015. It's anticipated that annual spending will increase between 7.4% and 16% over the next five years, according to the report.

The growth in spending will be necessary as businesses also face greater risk and high cost of external internet cyberattacks. Research indicates many organizations experience at least one cyberattack per month and spend an average of $3.5 million to address them each year.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
PJVD
100%
0%
PJVD,
User Rank: Apprentice
8/4/2016 | 10:30:47 AM
Cyber-Security Skills Shortage
Being a retired "Bell-head" (Bell System), it sounds like we need to backup a bit to get better at security. In the Old days secure communications was paramount. We couldn't even route a secure circuit over radio based technology. It had to be guananteed 100% terrestrial. That need for security surfaced in everything we engineered throughout my career. That is until the arrival of the Internet and systems for entertainment became prime. 

I do know that security is possible in every design began at layer 1 as the first priority. Once that is done the rest falls into place.
mbp47252dr
50%
50%
mbp47252dr,
User Rank: Apprentice
8/4/2016 | 12:44:51 PM
Cyber-Security Skills Shortage Leaves Companies Vulnerable
    If I may, I'd like to point out that one of the unfortunate roadblocks for newly Cyber and Digital Forensics-educated individuals is the high percentage of positions which require that applicants have pre-existing security clearances. This scenario is akin to the age-old conundrum of being unable to obtain employment due to lack of experience...with the inexperienced individual lamenting they cannot gain experience without having a job. If fewer positions required a pre-existing security clearance and/or there were methods in place which allowed for expedited processing and procurement of said clearances, the shortage of the aforementioned positions could be alleviated.
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
How to Assess Digital Transformation Efforts
Lisa Morgan, Freelance Writer,  5/14/2019
Commentary
Is AutoML the Answer to the Data Science Skills Shortage?
Guest Commentary, Guest Commentary,  5/10/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Slideshows
Flash Poll