A new study says that 93 percent of security professionals are concerned about the cybersecurity skills gap, and 72 percent believe it is more difficult to hire skilled security staff to defend against today’s cyberattacks than it was two years ago.

The Tripwire study, The Skills Gap Survey, also showed that 81 percent believe that the skills required to be a great security professional have changed in the past few years.

Twenty percent of respondents said their organizations had hired people with expertise not specific to security over the past two years, and another 17 percent stated they plan to do the same in the next two years. Additionally, the study found that 50 percent plan to invest more heavily in training their existing staff to help with the looming skills shortage.

“It’s evident that security teams are evolving and maturing with the rest of the cybersecurity industry, but the pool of skilled staff and training simply aren’t keeping up,” said Tim Erlin, vice president of product management and strategy at Tripwire. “For example, beyond their technical duties, security practitioners may now be expected to spend more time in boardrooms or in the CFO’s office to secure more budget. While the makeup of the cybersecurity workforce may be changing, the fundamentals of protecting an organization have not. It will be critical during this transition to ensure there’s a long-term strategy in place around maintaining their foundational security controls.”

The study also looked at how organizations expect to tackle the skills gap in the future and found:

  • Ninety-one percent plan to supplement their team by outsourcing for skills.
  • Eighty-eight percent believe managed services would add value in solving the skills gap problem.
  • Ninety-eight percent expect other functions like non-security teams to be more involved in cybersecurity moving forward.
  • Ninety-six percent believe that automation will play a role in solving the skills gap in the future.

Erlin added: “The skills gap doesn’t have to be an operational gap. Security teams shouldn’t overburden themselves by trying to do everything on their own. They can partner with trusted vendors for managed services or subscribe to service plans where outside experts can act as an extension of the team. Organizations should also understand that security is a shared responsibility across different functions, so people from other parts of the business should be involved in the cybersecurity program. And, of course, automation can add value not only in reducing manual work, but also in ensuring that everything is up-to-date and working as it should in real time. Security teams may just need to work more creatively.”