Cybersecurity skills crisis impacts more than half of organizations
The cybersecurity skills crisis has impacted 57 percent of organizations, according to the fifth annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG).
The survey of almost 500 security professionals finds the top effects of the skills shortage include an increasing workload for the cybersecurity team (62 percent), unfilled open job vacancies (38 percent), and high burnout among staff (38 percent).
In addition, 95 percent of respondents say the cybersecurity skills shortage and its associated impacts have not improved over the past few years, and 44 percent say it has only become worse. The most-often cited areas of cybersecurity skills shortages include cloud computing security, security analysis and investigations, and application security.
Organizations could be doing more to address the cybersecurity skills shortage, according to 59 percent of respondents. Not offering competitive remuneration is the top factor (38 percent) contributing to organizations' cyber skills shortages because it makes it difficult to recruit and hire the cybersecurity professionals that organizations need. More than three-quarters (76 percent) admit that it's difficult to recruit and hire cybersecurity staff, with nearly a fifth (18 percent) saying it's extremely difficult. Being offered a higher compensation package is the main reason (33 percent) CISOs leave one organization for another.
Salaries aside, when asked what actions organizations could take to address the cybersecurity skills shortage, 39 percent cite an increase in cybersecurity training so candidates can be properly trained for their roles. To maintain and advance their skill sets, many cybersecurity professionals seek to achieve at least 40 hours of training each year, but 21 percent of those surveyed didn't meet that target. The main reason given for this is that their jobs don't pay for 40 hours of training per year and they can't afford it by themselves, according to 48 percent of respondents.
"There is a lack of understanding between the cyber professional side and the business side of organizations that is exacerbating the cyber skills gap problem," says Candy Alexander, board president of ISSA International. "Both sides need to re-evaluate the cybersecurity efforts to align with the organization's business goals to provide the value that a strong cybersecurity program brings towards achieving the goals of keeping the business running. Cybersecurity leaders should be able to link the security efforts directly to strategic business goals."
The full report is available from the ISSA site.