At the end of each year, ESG conducts a wide-ranging global survey of IT professionals, asking them about challenges, purchasing plans, strategies, etc. As part of this survey, respondents were asked to identify areas where their organisation has a problematic shortage of skills.
In 2018-2019, cyber security skills topped the list — 53% of survey respondents reported a problematic shortage of security skills at their organisation. IT architecture/planning skills came in second at 38%.
The cyber security skills shortage is nothing new. Alarmingly, the skills deficit has held the top position in ESG’s annual survey every year. Furthermore, the percentage of organisations reporting a problematic shortage of cyber security skills continues to increase.
Last four survey results:
- 2018-2019: 53% of organisations report a problematic shortage of cyber security skills.
- 2017-2018: 51% of organisations report a problematic shortage.
- 2016-2017: 45% of organisations report a problematic shortage.
- 2015-2016: 42% of organisations report a problematic shortage.
There are many worthwhile industry and academic programs in place to address this issue. Despite these efforts, however, research from ESG and others indicates that the cyber security skills shortage is getting incrementally worse each year.
How to fix the shortage
Rather than go it alone, large cyber security and technology vendors such as Amazon, Check Point, Cisco, Dell, Facebook, Google, HP, IBM, McAfee, Microsoft, Oracle, Palo Alto Networks, Symantec, and Trend Micro should pool their resources and talent to come up with strategies and programs for security training. An industry-wide organisation would have tremendous visibility and power to get the job done.
Of course, CISOs can’t wait around for government agencies and technology vendors to get their acts together. In the meantime, security managers must take the cyber security skills shortage into account with every decision they make. Organisations should also strive for continuous training of their staff and encourage security personnel to participate in professional organisations.
Source: CSO Online