Securing the future: Cyber security readiness report
Chapter 6: A talent crunch
For many organizations, a cyber security talent crunch is having a significant impact on their ability to prepare for and defend against a growing number of threats. In a recent survey, 60% of respondents reported that a talent shortage was a key challenge for achieving security preparedness.
Demand for cyber security professionals is outpacing supply by a wide margin. According to a 2022 survey by ISC2, there is a shortage of approximately 3.4 million cyber security professionals globally. Why is there such a huge deficit? The growing number and variety of cyber security threats plays a central role. Organizations need more people to identify security trends, implement the right solutions to counter threats, and then manage those solutions going forward.
Interestingly, the number of security solutions implemented by organizations does not seem to have a huge effect on whether they report staffing shortages. Companies with more security solutions feel the pain of the tech talent crunch only slightly more acutely. According to research, 65% of organizations with 15 or more cyber security solutions were likely to report talent shortages. Meanwhile, 60% of organizations with fewer than 15 solutions also reported staffing shortages. In other words, organizations feel the talent crunch no matter how many solutions they have in place.
The type of solutions that organizations adopt, however, could affect their ability to find qualified team members. As security teams implement more specialized tools, they increasingly search for personnel with specialized skills to manage them. For example, security teams might deploy tools from multiple cloud providers. Even if those tools share some commonalities, each might have a unique interface and workflow. Teams often try to find personnel with just the right skills and experience.
Given the overall shortage of personnel, many organizations would benefit from training new hires and existing personnel, instead of focusing primarily on hiring people with precisely the right skill sets and experience. Establishing a training program can also help improve agility in the long run: As threats evolve, security teams will need to have practices in place to bring existing personnel up to speed quickly on the latest technologies and strategies.
Addressing the talent shortage is critical because understaffing can have serious repercussions. Among understaffed organizations, 54% had 10 or more security incidents in the past 12 months. Of course, in an environment where security incidents are high overall, greater staffing isn’t a cure-all. Among organizations with sufficient staffing, 47% experienced 10 or more security incidents in the past year.
Most organizations do not have the ability to affect the supply of skilled, experienced cyber security professionals. And with budgets always a concern, few can hire professionals away from other firms.
However, organizations do have the power to modify their approach to security and security operations so they can minimize the impact of the talent crunch. Focusing more on training could reduce the need to find personnel with specific skill sets. In addition, enhancing an organization’s security culture can alleviate some of the pressure for hiring more personnel.
Adopting a more holistic approach to security will also be key. By implementing a single, unified platform instead of numerous point solutions, security teams can increase control and visibility over their IT environment without straining staffing resources.
This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
Key takeaways
After reading this article you will be able to understand:
Survey results from over 4,000 cyber security professionals
New findings on security incidents, preparedness, and outcomes
Considerations for CISOs to secure the future and achieve better outcomes for their organization