A panel discussion at RSA later today will look at results of the sixth annual Global Information Security Workforce Study (GISWS) from education and certification provider (ISC)2.
“The Threat Horizon: The 2013 Global Information Security Workforce Study,” delves into what (ISC)2 officials say is a troubling shortage of skilled security professionals that is having a ripple effect on the global economy.
The study surveyed more than 12,000 information security professionals. More than half – 56 percent - of CISOs surveyed for the report feel their security organizations are short-staffed.
From a release on the study:
“Many organizations (15 percent) are not able to put a timeframe on their ability to recover from an attack, even though service downtime is one of the highest priorities for nearly three-quarters of respondents. The data concludes that the major shortage of skilled cyber security professionals is negatively impacting organizations and their customers, leading to more frequent and costly data breaches.”
While the shortage is making response time difficult for those in charge, (ISC)2 says it is good news for security professionals who are enjoying stable employment. Over 80 percent of respondents reported no change in employer or employment in the last year, and 58 percent reported receiving a raise in the last year. The number of professionals is projected to grow steady globally by more than 11 percent annually over the next five years, according to (ISC)2 officials.
[Get the latest career and staffing news and advice with the CSO Career bi-monthly email newsletter. It's free - sign up now! ]
The report finds that hactivism (43 percent), cyber-terrorism (44 percent), and hacking (56 percent) are among the top concerns identified by respondents. 78 percent of respondents said BYOD technology is a significant security risk, and 74 percent reported that new security skills are required to meet the BYOD challenge. 68 percent reported social media is a security concern, with content filtering being the chief security measure used.
How do these results line up with what you’re experiencing in your security department? Do you have the staff that you need? Or are you feeling the pinch of being understaffed? If so, how is it impacting your organization?
As my colleague Bill Brenner notes in his Salted Hash blog post today, (ISC)2 will also be defending it's position on the need for professionals to continue to obtain the certification it issues - the CISSP - in an RSA panel discussion titled "Information Security Certifications: Do They Still Provide Industry Value?"