Information Security

Defending the digital infrastructure

pixel_dreams - Fotolia

Problem solve Get help with specific problems with your technologies, process and projects.

Global report: Cybersecurity skills shortage threatens security

The shortage in the security skills pipeline is creating vulnerabilities worldwide, according to one report. Executives say "gaming" can help companies develop a better workforce.

More than 80% of the IT professionals surveyed in a new report said they had problems filling security roles within their organization. As adversaries become more organized and well-funded, companies face security gaps due to a cybersecurity skills shortage.

"Hacking the Skills Shortage," a global report sponsored by Intel Security and the Center for Strategic and International Studies, is based on independent research conducted in May 2016. Research firm Vanson Bourne surveyed 775 IT professionals in eight nations who said they took part in their organization's cybersecurity decision making. All of the respondents worked in public or private sector organizations with 500 or more employees. Information was also gathered from interviews with experts and open source data.

When survey respondents were asked what skills mattered most for an entry-level security position, roughly 40% said their organizations required a bachelor's degree in computer science, technology, engineering or mathematics. However, when hiring decisions were actually made, hands-on experience, professional certifications and even "gaming" ranked higher as recommended skills for security. Almost 70% of those surveyed said national hacking competitions played a role in developing cybersecurity workforce skills for their companies. Computer hacking is increasingly featured in the storylines and gameplay of popular video games, such as BioShock and Watch Dogs, researchers noted.

More than 50% of the IT professionals surveyed said the cybersecurity skills shortage was "somewhat or far greater" than gaps in other IT disciplines. Of the skills that were in short supply, intrusion detection, secure software development and attack mitigation ranked the highest.

The cybersecurity skills shortage is putting companies at risk, according to those surveyed. Among the adverse effects, 35% of respondents said they can't maintain adequate staff, 33% said their organizations are targets for hackers who know their cybersecurity isn't strong and 25% have lost proprietary data through cyberattacks.

Many companies are investing in training and technology to address cybersecurity. And 60% of those surveyed reported that their organization has outsourced security functions such as risk assessment and mitigation, network monitoring and assessment and repair of compromised systems. Many of these outsourced functions are moving toward automation, according to the report.

Security Workforce Shortage Relative to IT Storage
Scarcity of Security Skills by Country and Outsourcing Cybersecurity Functions
Negative Effects of Cybersecurity Skills Shortage in the Workplace
Cybersecurity Skills Development in Universities and Vocational Programs
Gaming the Skills Gap: Role of National Hacking Competitions at Your Company
Article 5 of 6

Next Steps

Will education and outreach solve the security talent shortage?

Skills to look for in CISO candidates

Should you hire an ex-hacker?

This was last published in September 2016

Dig Deeper on Information security certifications, training and jobs

Join the conversation

2 comments

Send me notifications when other members comment.

Please create a username to comment.

Should companies use gaming to attract employees with cybersecurity skills?
Cancel
I'm not calling anyone a liar, but I think this survey is *completely* unreliable. On the contrary, I think the professional associations (e.g., ISACA, ISC2, SANS) have created the impression of a shortage where in fact it is not different from other positions in IT. As someone actively in this market, including the federal service listings at USA.gov, I advise anyone making career decisions based on this information to absorb it along with contradictory evidence. What may be in a shortage, is the somewhat artificial stovepiped position descriptions in which organizations are trying to hire professionals with expertise in a vertical *and* cybersecurity. There's sometimes potential value in doing those narrow slots, but whether that added expertise is needed to manage risk and defend networks has yet to be proven. That other factor distorting the landscape is the oft-stated belief by cybersec software firms that there is a huge shortage -- hence you must purchase our (expensive) software to fill the gaps. That echo chamber is stadium-sized.
Cancel

Get More Information Security

Access to all of our back issues View All

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close