SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Story image
Cybersecurity skills gap poses threat to business protection measures
Tue, 2nd Jan 2024

There is a growing demand for skilled cybersecurity professionals as digital threats increase in both frequency and sophistication, according to a report by Help Net Security. The significant skills gap within the sector possesses a substantial risk to the protective measures of businesses and institutions, impacting areas such as penetration testing, threat analysis, and wider workforce diversity. Continuous skill development is also impacted largely by the shortage of experts.

IT decision-makers remain optimistic, however, with 87% believing the cloud skills gap within their organisations would improve in the next five years. "The cloud skills gap is digital transformation's Achilles heel," said Help Net Security, highlighting it as a major point of focus.

Alarmingly, 71% of organisations have been affected by the cybersecurity skills shortage, a noticeable rise from the 57% reported in a previous study. This has led to increased workloads for cybersecurity teams (61%), failure to fill job vacancies (49%), and high levels of staff burnout (43%).

The report found that 51% of organisations which reportedly laid off cybersecurity staff had been significantly impacted by skills gaps compared to just 39% of businesses that not made cybersecurity redundancies. The study suggests, "Cybersecurity pros battle discontent amid skills shortage."

On a positive note, exciting opportunity lies in the rethinking of degree requirements. The cybersecurity industry perceives hands-on experience in a cybersecurity role (97%), held credentials (88%), and completion of relevant training courses (83%) as significant factors that qualify a candidate as suitable for a cybersecurity job.

Another area of concern is within mid-sized businesses, with 61% reporting that they lack dedicated cybersecurity experts, and only 9% claiming their workers adhere to critical security best practices. These businesses evidently struggled to implement basic training measures and recruit the necessary staff.

The shortage of 'soft skills' within the sector could be part of the issue. Employers are looking for qualities such as communication (58%), critical thinking (54%), problem-solving (49%), teamwork (45%), and attention to detail (36%).

Despite facing a request to cut costs from 65% of tech team leaders, 72% still aim to invest more in tech skill development in 2023. As upskilling current talent is more cost-effective than hiring new employees, an outstanding 97% of learning and development and HR directors are favouring internal talent over hiring for vacant positions.

Professional education and training play a crucial role in mitigating the skills deficit. The number of US learners enrolling in STEM courses has risen by 22%, reaching 4.6 million by March 31, 2023, with women comprising 41% of enrolments.

The cybersecurity sector is grappling with talent shortage; 72% of consumers believe this is due to limited exposure to the profession at a young age, the incorrect belief that candidates need a four-year college degree for consideration, and a lack of provision for cybersecurity education and training in schools.

The process of filling cybersecurity roles has markedly slowed in recent years. In fact, 70% of companies reported that it now takes longer to fill these positions than it did two years ago, with 82% noting that it takes three months or longer, and 34% stating it takes seven months or more.