Maintaining cybersecurity is a growing problem. In a year of geopolitical turmoil which has encroached into areas like critical infrastructure through state-sponsored and state-affiliated cyberattacks, the need for an effective IT security defence has never been more apparent. Unfortunately, lack of resources, particularly of the human variety that have plagued the security industry for years, are an obstacle to shielding enterprise assets.
Despite some major efforts across industries to bring in more security talent, there are still major gaps in coverage. In its 2022 Cybersecurity Workforce study, the non-profit security professional’s organization (ISC)² reported an 11.1% increase in the number of security professionals in the workforce globally. This represents an addition of 464,000 security staff in the last year. Unfortunately, demand is outstripping supply. The number of unfilled IT security positions has more than doubled to a 26.2% increase in the last year representing more than 3.4 million vacant slots.
Most of the surveyed organizations said the staffing gaps place their operations at risk. Respondents in aerospace, government, education, and transportation reported the most serious skills gaps. And of the 70% who lack adequate IT security headcount, more than 50% said their organization is at moderate or extreme risk of a cyberattack.
Cybersecurity staff shortages are a problem
When asked what issues they experienced that could have been mitigated if they had enough cybersecurity staff, for percentages were higher for each option this year than last. Nearly 50% said they don’t have enough time for proper risk assessment and management. Some 43% noted their organization lacked effective oversights in process and procedure.
Many noted scarce resources are forcing them to scramble to carry out the most fundamental tasks. Some 39% admitted they are slow to patch critical systems. And 38% observed that they don’t have enough time to adequately train each cybersecurity team member.
Though it does appear organizations are actively trying to staff up, there are a myriad of reasons behind the security workforce gap; the inability of the organization to find adequate talent is most often cited. In the competitive environment, organizations struggle with turnover.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData
On a broader scale, technology companies themselves are investing in cybersecurity education in both higher education and secondary grades. For example, IBM is working with universities and secondary institutions to develop curriculum and provide support resources. Initiatives like these which help schools to hone their cybersecurity professional programs are ramping up at institutions across the US and abroad. How effective these will be in helping close the gap remains to be seen. However, it is abundantly clear that if the gaps widen even further, the level of risk will continue to escalate at pace.