Ninety Percent of Security Leaders Warn of Skills Shortage
Most IT security decision-makers are struggling to recruit workers to address a shortage of skilled professionals, despite business backing to do so, according to new research.
Global cybersecurity recruitment firm Stott and May teamed up with venture investor Forgepoint Capital to compile the Cyber Security in Focus study. It features responses from cybersecurity directors, security operations directors and VPs of product security in EMEA and North America.
Some 87% of respondents admitted they are suffering skills shortages, with over a third (35%) claiming positions were left unfilled after a 12-week period.
As a result, in-house skills (43%) were cited as the most significant barrier to strategy execution, above budget (35%), technology (13%) and board-level buy-in (9%).
The challenges around hiring have also led to a surge in salaries: 54% of hiring managers believe that these have increased more than 11% year on year in the sector.
The study also highlighted something of a contradiction. Security is gaining board-level buy-in. Some 80% of security leaders said their business perceives the function as a “strategic priority,” up from 54% last year. In addition, 100% agree that the business feels the function plays a role in improving the overall value proposition to customers.
However, over half (51%) of respondents argued that cybersecurity investment is still not keeping pace with digital transformation.
As investments in digital increase, sourcing the right engineering-centric CISOs will be the key to success, according to Forgepoint Capital managing director William Lin.
“A lot of digital transformation is inherently going to be driven by engineering, and finding a CISO that can empower developers with knowledge, tooling and experience will enable outcomes to be achieved faster and more securely,” he argued.
Heather Paunet, SVP at Untangle, argued that closing the cyber skills gap will require the industry to promote itself to would-be recruits better.
“There also needs to be organizational change that recognizes the severity and devastation cyber-attacks can cause and makes cybersecurity a priority. Companies need to ensure this investment isn’t just in technology, but also in their current workforce with continual training, advancement opportunities and recognition,” she added.
“In addition, IT education programs need to do the profession justice and emphasize the different roles and careers available in cybersecurity.”
According to the latest ISC2 survey, global skills shortages fell for the second consecutive year in 2021 to 2.7 million, including a shortfall of 377,000 in the US and 33,000 in the UK.
More Stories
Friday Squid Blogging: Squid Sticker
A sticker for your water bottle. Blog moderation policy. Read More
Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe
OpenAI must also initiate a six-month public awareness campaign across Italian media, explaining how it processes personal data for AI...
Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers
The Security Service of Ukraine has accused Russian-linked actors of perpetrating a cyber-attack against the state registers of Ukraine Read...
LockBit Admins Tease a New Ransomware Version
The LockBitSupp persona said LockBit 4.0 will be launched in February 2025 Read More
Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns
The FBI has issued a warning about the Hiatus RAT malware targeting Xiongmai and Hikvision web cameras and DVRs, urging...
CISA Urges Encrypted Messaging After Salt Typhoon Hack
The US Cybersecurity and Infrastructure Security Agency recommended users turn on phishing-resistant MFA and switch to Signal-like apps for messaging...