New research reveals cybersecurity skills shortage impact

New research from ESG and ISSA reveals that cybersecurity skills shortage is affecting organizations’ ability to prevent, detect and respond to cyberattacks.

The sky is falling!
Credit: "The Remarkable Story of Chicken Little"

When it comes to the cybersecurity skills shortage, I am somewhat of a “Chicken Little,” as I’ve been screaming about this issue for the last five years or so. As an example, ESG research conducted in early 2016 indicated that 46% of organizations indicate that they have a problematic shortage of cybersecurity skills today (note: I am an ESG employee).

So, ESG and other researchers have indicated that there aren’t enough infosec bodies to go around but what about those that have jobs? How is the cybersecurity skills shortage affecting them and the organizations they work for?

Earlier this week, ESG and the Information Systems Security Association (ISSA) published the second report in a two-part research report series investigating these issues. This new report, titled "Through the Eyes of Cyber Security Professionals," uncovers a lot more about just how deep the cybersecurity skills shortage cuts. For example:

  • Twenty-nine percent of cybersecurity professionals say that the global cybersecurity skills shortage has had a significant impact on their organizations, while another 40% indicate that the global cybersecurity skills shortage has had some impact on their organizations.
  • What type of impact? More than half (54%) say that the cybersecurity skills shortage has increased the workload on existing employees, 32% say it has led to high rates of staff attrition, and 32% say that the skills shortage has limited time for training since the cybersecurity staff is too busy keeping up with day-to-day activities.

It is also worth noting that 25% of respondents said that the cybersecurity skills shortage has led to a high “burnout” rate among the cybersecurity staff.

When asked about the cybersecurity skills shortage, I often say that this issue represents an existential threat. There are too few talented cybersecurity professionals available and those that are gainfully employed are often overworked, and spend little time on strategic planning or skills development. 

There is absolutely no evidence to suggest that this situation will improve. In fact, my fear is that new initiatives like cloud computing, digital transformation, and internet of things (IoT) applications will only increase the gap between cybersecurity skills supply and demand.

Because this is an existential threat, ESG and ISSA are making the two reports free for download here. There is also a lot of supporting material available including infographics and videos.

Please get back to us with your feedback on the reports and issues around the global cybersecurity skills shortage where you’d like to see more research done. 

Cybersecurity market research: Top 15 statistics for 2017