Cyber-Security Skills Shortage Leaves Companies Vulnerable - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership // Security & Risk Strategy
02:36 PM
Connect Directly

Cyber-Security Skills Shortage Leaves Companies Vulnerable

A lack of valued cyber-security skills has left businesses open to attacks resulting in reputation damage and data loss, research shows.

10 Hiring Challenges Confronting CIOs
10 Hiring Challenges Confronting CIOs
(Click image for larger view and slideshow.)

A robust security strategy requires a skilled workforce. Today's IT managers are challenged to defend their networks as a lack of cyber-security talent is leaving them vulnerable to attack.

Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), recently released a report called "Hacking the Skills Shortage."

The report is based on research from tech market research firm Vanson Bourne, which interviewed 775 IT decision-makers involved in cyber-security within their organizations. Respondents represented the US, UK, France, Germany, Australia, Japan, Mexico, and Israel.

[Read: 9 Promising Cloud Security Startups to Watch]

The vast majority of participants (82%) reported a lack of cyber-security skills within their organization. One in three say the shortage makes them prime hacking targets; one in four say it has led to reputational damage and the loss of proprietary data via cyberattack.

It's a problem spanning businesses and industries around the world. The global cyber-security workforce will have 1 to 2 million jobs unfilled by 2019. In the US alone, about 209,000 cybersecurity jobs were unfilled in 2015, according to a report cited by the study.

Highly technical skills are in greater demand among employers than "soft skills" like collaboration. For example, businesses have a tough time finding talent for secure software development, intrusion detection, and attack mitigation.

Most respondents report there is not enough being done to address the skills shortage. More than three-quarters (76%) said they believe their government is not investing enough in building cyber-security talent.

The challenge in finding skilled professionals can be partially attributed to a lack of adequate training. About half of the companies in this study said they prefer at least a bachelor's degree in a relevant technical area to enter the cyber-security field.

Unfortunately, this requirement seems superficial, given its usefulness. A degree in this field has more utility in marketing a candidate than in reflecting his or her cyber-security skills, according to the report.

When asked about the best ways to build cyber-security skills, respondents ranked hands-on experience and professional certifications above a degree. Sixty-eight percent reported hacking competitions also proved useful in helping professionals develop these skills.

(Image: 4x6/iStockphoto)

(Image: 4x6/iStockphoto)

As they struggle to find talented workers, almost all participants said cyber-security technologies could compensate for the lack of talent. More than half (55%) said they believe that in five years, cyber-security solutions will have advanced to meet their needs.

Respondents also said they plan to address the skill shortage through outsourcing, but primarily for areas that are easily automated. For example, threat detection through network monitoring is a solution likely to be outsourced.

The amount and growth of cyber-security spending is related to how it's prioritized within the organization and the country as a whole. The US government and financial services industry, for example, spend a lot on cyber-security and could serve as examples for others to emulate in recruitment and development.

Worldwide, market reports estimate total spending in the sector ranged from $75 billion to more than $100 billion in 2015. It's anticipated that annual spending will increase between 7.4% and 16% over the next five years, according to the report.

The growth in spending will be necessary as businesses also face greater risk and high cost of external internet cyberattacks. Research indicates many organizations experience at least one cyberattack per month and spend an average of $3.5 million to address them each year.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
8/4/2016 | 12:44:51 PM
Cyber-Security Skills Shortage Leaves Companies Vulnerable
    If I may, I'd like to point out that one of the unfortunate roadblocks for newly Cyber and Digital Forensics-educated individuals is the high percentage of positions which require that applicants have pre-existing security clearances. This scenario is akin to the age-old conundrum of being unable to obtain employment due to lack of experience...with the inexperienced individual lamenting they cannot gain experience without having a job. If fewer positions required a pre-existing security clearance and/or there were methods in place which allowed for expedited processing and procurement of said clearances, the shortage of the aforementioned positions could be alleviated.
User Rank: Apprentice
8/4/2016 | 10:30:47 AM
Cyber-Security Skills Shortage
Being a retired "Bell-head" (Bell System), it sounds like we need to backup a bit to get better at security. In the Old days secure communications was paramount. We couldn't even route a secure circuit over radio based technology. It had to be guananteed 100% terrestrial. That need for security surfaced in everything we engineered throughout my career. That is until the arrival of the Internet and systems for entertainment became prime. 

I do know that security is possible in every design began at layer 1 as the first priority. Once that is done the rest falls into place.
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
Flash Poll