Study Shows Cyber Security Disconnects

Organizations around the world consider innovation to be a top business priority and they are captivated by the potential of emerging technologies. At the same time, however, they’re concerned about their cyber security readiness and the struggle to hire enough workers who have the right skills to meet the organization’s needs.

That’s according to a recent report by CompTIA, a trade association for the global IT industry. The study, “International Trends in Technology and Workforce,” is based on a survey of more than 1,500 business and technology professionals from 14 countries.

Across all the countries CompTIA looked at, nearly three quarters (72%) rated technology as a primary factor in reaching their business objectives. About one quarter (23%) consider technology a secondary factor in helping to meet those goals, and just 4% describe technology as a nonfactor. Exactly three quarters said their organization has seen an excellent or good return on investment (ROI) from their technology spending.

Many of the executives (54%) have a positive view of emerging technology, while another 21% take a middle-ground position, expressing equal parts excitement and trepidation.

At the other end of the spectrum, CompTIA said, one quarter report mostly feelings of trepidation about emerging technology. Budget constraints, aversion to risk, and a lack of a clear business case are among the main factors causing some organizations to take a measured approach.

With cyber security, there are clear disconnects, according to the report. Security continues to grow in importance in an increasingly digital and interconnected world, the report said, and many businesses are increasing their security investments or elevating their focus on this area.

Nearly 70% of executives describe their organization’s cyber security as completely or mostly satisfactory. But this shows that there is a lot of room for improvement, especially considering that the remainder of the respondents identified their organization’s approach to security as simply adequate (25%) or inadequate (6%).

Those organizations that indicate satisfactory levels at significantly higher rates than their counterparts tend to be large-sized enterprises and technology and financial/banking/insurance companies that are mostly excited about emerging technology. On the other hand, those that consider their security to be adequate or unsatisfactory tend to be less excited about emerging technology and experience fair or poor technology ROI.

The self-assessment levels of security satisfaction are presumably even lower, the study said, given that organizations are more likely to report on themselves on the optimistic side. This is further compounded by the fact that organizations are in many cases less prepared than they think.

A low understanding of new cyber security threats is a top challenge for companies, the study said. Given the projected high growth rates for emerging technologies expected over the next several years, it said, there is a need for businesses to re-evaluate approaches to cyber security.

Security underpins the many facets of emerging technology, CompTIA noted. And this, along with the high growth rates for emerging technologies expected over the next several years, has created a need for organizations to re-evaluate their approaches to security.

In fact, 88% of those surveyed said their organization recently changed its security approach, with 40% due to a change in IT operations such as a move to cloud. For another 32% of the respondents, cyber security priorities shifted as a result of knowledge gained from training or certification.

Challenges exist on the workforce front as well. The skills gap remains an ongoing challenge for most organizations, with nearly half of the executives surveyed (46%) saying the situation has grown more difficult over the past two years.

The top areas of skills gap concern reported by managers in the CompTIA survey include a newer technology areas as well as more core technologies.

Among the most commonly cited skills in short supply are emerging technologies such as artificial intelligence (AI), automation, blockchain, etc. [with 57% saying there are significant or moderate gaps); cyber security (55%); integration of different applications, data sources, platforms, and devices (55%); software or application development 954%); and digital business transformation/modernizing legacy hardware or software (54%).

Getting an accurate assessment of the skills gap is difficult, the study said, and is compounded by the fact that only a minority of the responding organizations said they have a good handle on identifying and assessing skills gaps.

Only 42% of the organizations surveyed have formal strategies and resources in place to address the skills gaps. On the other hand, nearly two thirds have mandatory training and professional development for employees in technical or soft skills.