Data breaches blamed on cyber security skills shortage

Register now

Around the globe, companies are feeling the pain of the cyber security skills shortage, and the situation is getting worse.

Seventy percent of some 343 information security professionals worldwide think the cyber security skills shortage has had an impact on their organization, according to a new survey conducted by the Information Systems Security Association (ISSA) and the analyst firm Enterprise Strategy Group (ESG).

Most significantly, the skills shortfall appears to be exacerbating the number of data breaches that are occurring. Nearly half (45 percent) of the businesses surveyed experienced at least one security event over the past two years, and 91 of the respondents believe that their organization is vulnerable to a significant cyber-attack or data breach.

Dearth of training
Per these data security professionals, the skills shortage is one of the two chief factors contributing to these events. The other is a dearth of training for non-technical employees. Worse yet, 62 percent of the respondents indicate that their organization doesn’t provide adequate training for its cyber security staff.

Specifically, the respondents pointed to several acute skill shortages including security analysis and investigations, application security and cloud computing security. Further aggravating the situation, one out of five of those surveyed indicated that cyber security is still a low priority for their executive management.

The implications of the skills shortage are becoming more
pervasive and ominous, notes Jon Oltsik, senior principal analyst at ESG and the report’s author. “It is clear that the solution must be about more than filling jobs,” he says. “It is about creating an environment from the top down of cyber security as a priority.”

For reprint and licensing requests for this article, click here.