Security skills gap remains huge, and incidents are growing as a result
The cyber security skills shortage is worsening for the third straight year and has affected nearly three quarters (74 percent) of organizations, according to the third annual global study of cyber security professionals by the Information Systems Security Association and independent industry analyst firm Enterprise Strategy Group (ESG).
For the study, the organizations surveyed 267 cyber security professionals and ISSA members worldwide, representing organizations of all sizes and industries. ISSA is an organization for security professionals.
The report showed that the skills shortage continues to be the root cause of rising security incidents, as organizations remain plagued by a lack of end-user cyber security awareness and the inability to keep up with the growing cyber security workload.
Nearly half (48 percent) of respondents have experienced at least one security incident over the past two years with serious ramifications including lost productivity, significant resources for remediation, disruption of business processes and systems, and breaches of confidential data.
Security professionals are skeptical about their chances for success, with 91 percent saying most organizations are vulnerable to a significant cyber attack. A large majority (94 percent) think the balance of power is with cyber adversaries over cyber defenders.
Nearly two thirds of the organizations surveyed (63 percent) continue to fall behind in providing an adequate level of training for their cyber security professionals. The most acute skills shortages involve cloud security (33 percent), followed by application security (32 percent) and security analysis and investigations (30 percent).
In an era where business leaders are more reliant on technology for success and are facing more scrutiny and accountability than ever before, this lack of progress and the resulting cyber-risk for organizations and their shareholders, customers and business partners should be a cause for concern for business and technology leaders alike.