Cybersecurity Skills Shortage is Impacting Organizations

May 10, 2019

Seventy-four percent of organizations are impacted by the cybersecurity skills shortage, according to a study of cybersecurity professionals by the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG).

Key findings include:

48 percent of respondents have experienced at least one security incident over the past two years with serious ramifications including lost productivity, significant resources for remediation, disruption of business processes and systems and breaches of confidential data.
91 percent believe that most organizations are vulnerable to a significant cyber-attack.
94 percent believe that the balance of power is with cyber-adversaries over cyber-defenders. With the battlefield advantage skewed, organizations face increasing and potentially devastating cyber-risks.
63 percent of organizations continue to fall behind in providing an adequate level of training for their cybersecurity professionals. The most acute skills shortages shifted this year to cloud security (33 percent), followed by application security (32 percent) and security analysis & investigations (30 percent).

The research also indicates an alarming personal impact related to cybersecurity jobs, including:

Stressful aspects of the job: 40 percent responded with keeping up with security needs of new IT initiatives, followed closely by “shadow” IT initiatives, trying to get end-users to better understand cyber-risks and change their behavior and trying to get the business to better understand cyber risks.
Added stress of new data privacy responsibilities: Almost one year in, GDPR is in full swing, and cybersecurity teams may not be up to the task. 84 percent claim that the cybersecurity team at their organization has taken a more active role with data privacy over the past 12 months, but 21 percent don’t believe the cybersecurity team has been given clear directions and 23 percent don’t believe the cybersecurity team has been given the right level of training.
Job-related pressures driving virtual CISO (vCISO) as attractive career option: 10 percent of organizations now employ a vCISO. Furthermore, 29 percent of CISOs are working as a vCISO while another 21 percent are considering it and 33 percent would consider it in the future.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Cybersecurity Skills Shortage is Impacting Organizations

Related Articles

Related Products

Related Events

Report Abusive Comment