A new report has revealed that a cybersecurity skills shortage across key global markets is putting organisations directly at risk of attack.
Intel Security partnered with the Centre for Strategic and International Studies (CSIS) to carry out the research of 775 IT decision makers in the US, UK, France, Germany, Australia, Japan, Mexico and Israel.
About 82% of respondents admitted to a shortage of cybersecurity skills, with 71% claiming that this lack of trained information security professionals has directly led to damage to the organisation as it is making the company a bigger target for hackers.
The report also revealed that the cybersecurity skill shortage is worse than talent deficits in other IT professions.
In the US alone, 209,000 cybersecurity jobs were left unfilled during 2015, and that trend looks to continue with an average of 15% of those positions still unfilled by 2020.
The demand for cyber security professionals is outpacing the supply of qualified workers, the report said, with highly technical skills like intrusion detection, secure software development and attack mitigation more valued than softer skills, such as collaboration, leadership and communication.
CSIS senior vice president and director of the strategic technologies programme James Lewis said: “A shortage of people with cybersecurity skills results in direct damage to companies, including the loss of proprietary data and IP.
“This is a global problem; a majority of respondents in all countries surveyed could link their workforce shortage to damage to their organization.”
However, companies and countries that spend more on cybersecurity are better equipped to handle hackers.
Almost half of the respondents indicate that lack of training or qualification sponsorship are common reasons for talent departure. Plus, 76% say that governments are not investing enough in building cybersecurity talent.
Just 23% of those surveyed say that education programs are preparing students for cybersecurity jobs. More common training is coming from non-traditional sources such as gaming, hackathons and just plain old hands-on experience.
To combat the shortage, the report recommends companies to redefine their minimum credentials for entry-level jobs, accept non-traditional sources of education.
It goes on to say that companies should provide more opportunities for external training, identify technology that can offer intelligent security automation, collect attack data and develop better metrics for rapid detection of threats.
Intel Security Group SVP and GM Chris Young said: “The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector haven’t brought enough urgency to solving the cybersecurity talent shortage.
“To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the front line. Finally, we absolutely must diversify our ranks.”