The BCI

​Businesses vulnerable due to shortage of cyber security talent

News   •   Jul 29, 2016 11:59 BST

There is serious talent shortage crisis impacting the cyber security industry according to a new report published by Intel Security, in partnership with the Center for Strategic and International Studies (CSIS). 82% of respondents to a global survey admit to a shortage of cyber security skills, with 71% of respondents citing this shortage as responsible for direct and measurable damage to organizations whose lack of talent makes them more desirable hacking targets.

The Hacking the Skills Shortage Report highlighted that the demand for cyber security professionals is outpacing the supply of qualified workers, with highly technical skills the most in need across all countries surveyed. Despite a quarter of respondents confirming their organizations had lost proprietary data as a result of this skills gap, there are no signs of it abating in the near-term. Respondents estimate an average of 15% of cyber security positions in their company will go unfilled by 2020.

The Cyber Resilience Report, published by the Business Continuity Institute, revealed that two-thirds of organizations experienced a cyber security incident during the previous year and 15% experienced at least 10. This shows that the cyber threat is very real and organizations must take it seriously, and this starts by making sure resources are available to combat the threat. Such is the level of the threat that cyber attacks and data breaches were identified as the top two concerns to business continuity professionals in the BCI's Horizon Scan Report, which also identified availability of talents / key skills as a top ten concern.

The Hacking the Skills Shortage Report analysed four dimensions that comprise the cyber security talent shortage, which include:

Cyber security spending: The size and growth of cyber security budgets reveals how countries and companies prioritize cyber security. Unsurprisingly, countries and industry sectors that spend more on cyber security are better placed to deal with the workforce shortage.

Education and training: Only 23% of respondents say education programmes are preparing students to enter the industry. This report reveals non-traditional methods of practical learning, such as hands-on training, gaming and technology exercises and hackathons, may be a more effective way to acquire and grow cyber security skills. More than half of respondents believe that the cyber security skills shortage is worse than talent deficits in other IT professions, placing an emphasis on continuous education and training opportunities.

Employer dynamics: While salary is unsurprisingly the top motivating factor in recruitment, other incentives are important in recruiting and retaining top talent, such as training, growth opportunities and reputation of the employer’s IT department. Almost half of respondents cite lack of training or qualification sponsorship as common reasons for talent departure.

Government policies: More than three-quarters (76%) of respondents say their governments are not investing enough in building cyber security talent. This shortage has become a prominent political issue as heads of state in the US, UK, Israel and Australia have called for increased support for the cyber security workforce in the last year.

A shortage of people with cyber security skills results in direct damage to companies, including the loss of proprietary data and IP,” said James A Lewis, senior vice president and director of the Strategic Technologies Program at CSIS. “This is a global problem; a majority of respondents in all countries surveyed could link their workforce shortage to damage to their organization.”

The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector haven’t brought enough urgency to solving the cyber security talent shortage,” said Chris Young, senior vice president and general manager of Intel Security Group. “To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the front line.