Studies focused on cybersecurity as a profession find each year that skills in the area are rare, and expensive at that. This year is no different. While IT leaders are starting to take steps to mitigate this issue, organizations worldwide remain at risk for doing too little, too late.
Data in the 2019 (ISC)2 Cybersecurity Workforce Study indicates that the cybersecurity workforce must hire no less than 4 million professionals worldwide to close the skills gap and better defend organizations.
This reality is not unknown to CISOs and CIOs the world over. However, IT security spend is still low compared to other IT investments, according to a separate study by CyberEdge. Some 81% of organizations suffered at least one successful cyberattack, up from 78 percent the prior year, the study uncovered.
The market research firm has found that IT security consumes roughly 12.8 percent of the overall IT budget, up from 12.5 and 12.1 percent in the preceding two years. While the trend is certainly positive, cybersecurity skills are still lacking in major industries across the globe, especially in the healthcare sector where cybercriminals have been having a field day in the past year. And if the COVID-19 pandemic is any indication, the clock is ticking for critical infrastructures to act now.
“A severe shortage of IT security talent is driving important changes in technology and practices,” CyberEdge researchers said, noting that 85 percent of organizations are experiencing a shortfall of skilled IT security personnel.
“Survey respondents cited ‘lack of skilled personnel’ as their biggest obstacle to adequately defending against cyberthreats. This crisis is leading to strong preferences for technologies that can increase the productivity of existing IT security teams,” the researchers said, enumerating solutions like advanced security analytics, as well as security products built on an Artificial Intelligence (AI) foundation.
There is some good news, too. IT leaders are starting to understand how to better distribute their tight cybersecurity budgets. The most sought-after technologies aimed at filling the skills gap in 2020 include next-generation firewalls and threat intelligence platforms and services. Furthermore, the vast majority of IT security professionals who haven’t received formal training would welcome it. And two-thirds of IT security professionals who haven’t yet achieved a security professional certification plan to get started in 2020.