Cybersecurity skills shortage creating hiring chaos
Here’s a quick review of some of the cybersecurity skills shortage data I’ve cited about in recent blogs:
- According to ESG research from early 2017, 45 percent of organizations claim to have a problematic shortage of cybersecurity skills.
- In a recent research project conducted by ESG and the information systems security association (ISSA), 70 percent of cybersecurity professionals say the cybersecurity skills shortage has had an impact on their organization. The skills shortage has led to an increasing workload on existing staff, the need to hire and train junior employees due to the lack of experienced talent, and a situation where the cybersecurity staff spends most of its time on emergency issues and very little time on proactive strategic planning or training.
- When asked to identify factors that contributed to past security incidents, 22 percent said their cybersecurity team was not large enough for the size of their organization, while 18 percent stated that the cybersecurity team cannot keep up with the workload.
- More than two-thirds (67 percent) of cybersecurity professionals claim they are too busy with their jobs to keep up with skills development and training.
So, in aggregate, many organizations are understaffed, many lack some (or many) types of advanced cybersecurity skills, and the staff is too busy to invest time in continuing education to keep up with the latest threats. Yikes!
Huge demand for cybersecurity talent
CISOs recognize these issues and many organizations are actively hanging a “help wanted” sign to find cybersecurity talent. Unfortunately, it is exceedingly difficult to bring new people onboard. Why? Experienced cybersecurity professionals are in high demand, so organizations are engaged in a battle royale to coax them away from their present employers and outbid others for their services.