July 18, 2018

A third of companies don’t have a single cybersecurity expert, despite a rising attack rate

By Lucy Ingham

35% of companies do not have a cybersecurity expert on staff despite the fact that cyberattacks are anticipated to increase further in the next few years.

The findings, which are the result of a survey by Gartner, have raised concerns among the cybersecurity industry.

“Gartner’s findings are quite shocking but capture the heart of a worldwide problem: the frequency, severity and sophistication of attacks is growing faster than organisations can keep up,” said Piers Wilson, head of product management at Huntsman Security.

Organisations remain concerned about cyberattacks

The findings, which were published in Gartner’s 2018 CIO Agenda Survey, found that despite the lack of cybersecurity expert roles in many businesses, organisations remain concerned about the issue.

However, they often struggle to keep up with the changing cybersecurity reality.

“In a twisted way, many cybercriminals are digital pioneers, finding ways to leverage big data and web-scale techniques to stage attacks and steal data,” said Gartner research director Rob McMillan.

“CIOs can’t protect their organisations from everything, so they need to create a sustainable set of controls that balances their need to protect their business with their need to run it.”

Cybersecurity expert shortage

One key issue that impacts the number of companies with a cybersecurity expert on staff is the lack of people with adequate skills to do the job.

“Cybersecurity is faced with a well-documented skills shortage, which is considered a top inhibitor to innovation,” said McMillan. “Finding talented, driven people to handle the organisation’s cybersecurity responsibilities is an endless function.”

“By next year, ISACA predicts a global shortage of two million cybersecurity professionals, so it’s no wonder that so many organisations are radically understaffed in this area,” agreed Wilson.

“On top of that, for those companies that do have cybersecurity teams, the incredible workload is likely to lead to burn-out, mistakes or vital warning signs being overlooked – all of which increases the likelihood of a successful attack.

“This emboldens attackers further – creating a vicious spiral of ever-increasing assaults.”

Verdict deals analysis methodology

This analysis considers only announced and completed deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: