Cybersecurity skills crisis is affecting 70 percent of organizations

Vacant chair

We've been talking about the cybersecurity skills gap for more than a decade, but new research from the Information Systems Security Association (ISSA)  and independent industry analyst firm Enterprise Strategy Group (ESG) reveals it's not going away.

The shortage has impacted 70 percent of organizations, with consequences including increasing workloads, unfilled open job vacancies and an inability to learn or use cybersecurity technologies to their full potential.

Of the cybersecurity professionals surveyed 68 percent say they don't have a well-defined career path. When asked which was most important for their career development 52 percent chose hands-on experience while 44 percent claim that hands-on experience and certifications are equally important.

"As this and past reports clearly indicate, key constituents are not looking at the profession strategically," says Jon Oltsik, senior principal analyst and ESG Fellow. "While we are making some fragmented progress, the same issues present themselves year after year, including a shortage of skills, under-trained employees, and the stress and strain caused by a career in the cybersecurity field. These disturbing trends should be of concern to corporate directors and business executives, particularly in light of the alarming findings this year that 67 percent of respondents believe that cyber-adversaries have a big advantage over cyber-defenders."

The length of time it takes to gain sufficient skills in cybersecurity is a factor with 39 percent believing it takes anywhere from three to five years to develop real cybersecurity proficiency, while 22 percent say two to three years and 18 percent claim it takes more than five years. For employers this means that entry level cybersecurity pros should be viewed as long-term investments, not immediate problem solvers.

Organizations should provide a bit more cybersecurity training according to 36 percent of respondents, while 29 percent believe their organizations should provide significantly more training.

"The cybersecurity gap cannot be addressed by simply filling the pipeline with new people. What's needed is a holistic approach, starting with public education, comprehensive career development and planning, and career mapping -- all with the support and integration with the business," says Candy Alexander, board president of ISSA International.

The full report is available from the ISSA site.

Image Credit: Africa Studio / Shutterstock

Comments are closed.

Why Trust Us



At BetaNews.com, we don't just report the news: We live it. Our team of tech-savvy writers is dedicated to bringing you breaking news, in-depth analysis, and trustworthy reviews across the digital landscape.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

Regional iGaming Content

© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.