With ransomware soaring in number and payoff demand, enterprises are navigating the escalating threat environment often with a dearth of internal expertise. Industry estimates place the number of unfilled security positions at 2.7 million globally. Facing down the onslaught of threats, many organizations are reassessing their approaches to staffing and casting a wider net with respect to hiring for IT security roles.

In a recent survey of 1,250 hiring managers in Canada, India, the United Kingdom and the United States, the non-profit International Information System Security Certification Consortium (ISC)² found many organizations are increasingly hiring staff with limited or no experience in cybersecurity.

Today entry and junior level, which for the purposes of the study is defined as respectively less than one year and less than four years’ experience working in the security field, combined account for almost two-thirds of all security positions. The smaller the company, the larger the percentage of less experienced security professionals is. That said, even large firms draw on entry and junior level IT security to fill their ranks with companies with 5,000 or more employees reporting that entry and junior level employees make up 56% of their security organizations.

Enterprises recruit internally

Some also recruit from other departments within their organization. The smaller the organization, the more likely they are to use this avenue with 46% of entities with fewer than 100 going this route versus 34% of businesses with 5,000 or more employees. Other departments in IT are the most common sources for cross-skilling/upskilling workers in cybersecurity, representing 89% of the retrained security workers. However, staff come from other departments as well including customer service, communications, and Human Resources.

Training is obviously a fundamental component of helping these newer security professionals be effective in their roles. Most of these enterprises – 91% – provide work hours training to these workers. These efforts can yield good results quickly. Thirty-seven percent of the surveyed hiring managers said the lower-level staff members were able to take on tasks within six months or less after they were hired. Most described the spend associated with training lower-level security as reasonable. Eighty-two percent said training costs were less than $5000, with 42% spending under $1,000 to bring their new staff to a point where they can take ownership of assignments.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.