Employers must adapt as ‘pervasive and ominous’ cybersecurity skills gap gets worse

New skills programs in Australia offer hope but employers must also adjust their expectations and practices.

Poor or no cybersecurity training, a lack of repeatable security processes, failure to align business and cybersecurity goals, and a short-term view have all exacerbated a cybersecurity skills crisis that is widening, according to a new global study, despite a range of efforts to address it in new ways. As a result, Australian organisations are trying ways to cope better.

Fully 70% of the 343 respondents to the Information Systems Security Association (ISSA)-Enterprise Strategy Group (ESG) study—entitled “The Life and Times of Cyber Security Professionals”—said the ongoing cybersecurity skills shortage is impacting their organisation, with 91% saying that most organisations remain vulnerable to a significant attack or data breach.

Respondents blamed lack of training of non-technical employees (cited by 31%), lack of adequate cybersecurity staff (22%), and the low priority given to cybersecurity by company management (20%) as the key contributors to the ongoing flood of security breaches.

“We are not making progress, cybersecurity professionals can’t scale, and the implications of the skills shortage are becoming more pervasive and ominous,” warned report author and ESG senior principal analyst Jon Oltsik.

ISSA international board of directors member Candy Alexander was equally concerned: “While organisations have been investing in new cybersecurity technology, they are not investing enough in their people,” she said in a statement. “We, as a profession, need to help business understand the cybersecurity skills investment versus risk trade-off.”


Copyright © 2017 IDG Communications, Inc.
