Eighty-two percent of respondents confess to a cybersecurity skills deficiency, with 71% citing this shortage for causing organizational damage, including data breaches, according to an Intel/Center for Strategic and International Studies report.
The global study, Hacking the Skills Shortage, revealed the cybersecurity talent crisis existed in Australia, France, Germany, Israel, Japan, Mexico, the U.S. and the U.K.
In 2015, 209,000 cybersecurity jobs remained vacant in the United States, according to the report. In spite of one of four respondents confirming their organizations lost proprietary information because of their cybersecurity skills gap, there are no signs of this workforce shortage decreasing soon. Respondents anticipated an average of 15% of cybersecurity positions in their business would go unfilled by 2020.
“A shortage of people with cybersecurity skills results in direct damage to companies, including the loss of proprietary data and IP,” James A Lewis, senior vice president and director of the Strategic Technologies Program at CSIS, said in a press release. “This is a global problem; a majority of respondents in all countries surveyed could link their workforce shortage to damage to their
The report suggested the increase in cloud, mobile computing, and the Internet of Things, as well as advanced targeted cyberattacks and cyberterrorism across the globe, made the need for a stronger cybersecurity labor force important.
The demand for cybersecurity professionals is outpacing the supply of qualified workers, with highly technical skills the most in need across all countries surveyed. Skills such as intrusion detection, secure software development, and attack mitigation are far more valued than softer skills including collaboration, leadership, and effective communication.
This report studied four dimensions that comprise the cybersecurity talent shortage:
- Cybersecurity spending: countries and industry sectors that spend more on cybersecurity are better able to deal with the workforce shortages.
- Education and training: only 23% of respondents say education programs are preparing students to enter the industry. Non-traditional methods of practical learning, such as hands-on training, gaming and technology exercises, and hackathons, may be a more effective way to acquire and grow cybersecurity skills.
- Employer dynamics: While salary is the top motivating factor in recruitment, other incentives are important in recruiting and retaining top talent, such as training, growth opportunities and reputation of the employer’s IT department. Almost half of respondents cite lack of training or qualification sponsorship as common reasons for talent departure.
- Government policies: 76% of respondents say their governments are not investing enough in building cybersecurity talent.
“The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector haven’t brought enough urgency to solving the cybersecurity talent shortage,” Chris Young, senior vice president and general manager of Intel Security Group said. “To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the front line. Finally, we absolutely must diversify our ranks.”
The report’s recommendations for moving forward include redefining minimum credentials for entry-level cybersecurity jobs, accepting non-traditional education sources, diversifying the cybersecurity field, providing more opportunities for external training, identifying technology that can provide intelligent security automation, and collecting attack data and developing better metrics to identify threats quickly.