The cyber security skills gap has remained large, according to a recent report. Surveying more than 2,300 cyber security professionals globally, the report says that almost 3 in 5 (59%) of organisations have unfilled cyber or information security positions. To add to difficulties, more than half (54%) say that it takes 3 months or more to fill such a position.

The skills gap is most acutely felt for technically skilled staff, as reported by more than three quarters (77%) as opposed to less than half (46%) who said the difficulties were most acute for non-technical staff.

Of the technical staff available, more than a third (39%) said there is an inability among such professionals to understand business needs, while a third said that there were deficiencies in their technical skills.

Problem with gender equality?

Gender disparity was identified as a key problem area. The vast majority of male respondents (82%) said that men and women are offered the same opportunities for career advancement in cyber security, however, only half (51%) of women said the same. Only half (51%) of respondents said their organisation had gender diversity programmes in place to support women cyber security professionals. Furthermore, at organisations where such programmes were in place, 87% of men and 77% of women agree that equal opportunities are offered.

According to the report, skills challenges remain but are better understood than previously.

“Enterprises still have open security positions, and the time to fill them appears to have decreased slightly,” says the report. “Demand is greatest for skilled technical resources at the individual-contributor level, rather than the management or executive level. For job seekers, technical skills are a strong differentiator – especially those that can be objectively demonstrated. For enterprises, automating security activities and better, more efficient vetting of security technical personnel may create competitive advantage.”

Reasons for optimism

While there is much to be done to address the cyber security skills gap, there are other positive signs identified by the report. Almost two thirds (64%) said that budgets were increasing, while slightly more (69%) felt their board was sufficiently prioritising cyber security issues.