There are many reasons why companies should be concerned about a lack of cybersecurity skills within their organizations. As the Internet of Things continues to gain rapid traction across the business landscape, influencing a large portion of our daily operations and processes, it puts businesses at an increased risk of cyber threats. The implications of a data breach grow more severe, with issues like reputation damage, loss of revenue and customer loyalty, and compromised privacy and safety on the line.
It’s no news that a lack of information security strategy increases an organization’s security vulnerabilities. But the needed urgency of cybersecurity initiatives is perhaps better understood when businesses consider some of the latest findings revealed in a report published by Intel Security and the Center for Strategic and International Studies. For example, 82 percent of IT professionals agree there is currently a lack of cybersecurity skills among organizations today. But even more concerning is that 71 percent of the study’s participants also said this talent shortage is “responsible for direct and measurable damage to organizations whose lack of talent makes them more desirable hacking targets.”
“Business leaders need to be proactive in their attempts to fill the cybersecurity talent gap.”
Security skills shortage
According to James Lewis, the Strategic Technologies Program senior vice president and director at CSIS, loss of intellectual property and proprietary data is one example of direct damage companies affected by cybersecurity skills gap experience. The source added that this trend is prevalent across the globe. In addition, research conducted by Burning Glass Technologies recently showed demand for cybersecurity professionals has accelerated in the past year or so, with the need for people to fill these positions and those in similar roles growing at a rate as much as 12 times faster than in any other occupation over the past few years.
The Intel report found that, last year, the number of vacant cybersecurity positions in the U.S. alone exceeded 200,000 and that the unfilled jobs in the cybersecurity field across the globe are expected to reach anywhere from 1 million to 2 million over the next three years. In their analysis, the researchers looked at four major dimensions affecting the cybersecurity workforce, including information security spending, employer dynamics, education and training, and government policies. Unsurprisingly, the organizations that invested more in cybersecurity were more protected. However, incorporating cybersecurity education and training initiatives into the workplace may be a better way for businesses to enhance security rather than, for example, relying on traditional academic programs.
The problem is that, although the majority of organizations surveyed said that a bachelor’s degree is the minimum requirement for cybersecurity jobs, fewer than a quarter believe academic programs adequately prepare students for a career in cybersecurity. This could indicate the necessity and opportunity for business executives to leverage a more specialized training framework for information security. The Intel report pointed out that in addition to helping agencies bridge the skills shortage, this can also benefit companies in a number of others ways. For example, offering learning and growth opportunities acts as a recruitment and retention strategy for employers, enhancing the likelihood of onboarding and retaining top talent.
Gaining skills despite government action
Another factor contributing to the problematic lack of cybersecurity skills is insufficient action taken at the government level. More than three-quarters of the study respondents agreed government could do more to help improve the state of cybersecurity, such as increasing investments in cybersecurity education initiatives or developing better laws and regulations. It goes without saying that the more seriously policymakers take the threat of cyber attacks, the more likely businesses across industries will too. By enforcing certain laws and promoting adherence to specific guidelines, regulators can encourage companies by making them motivated to ensure compliance.
“The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector haven’t brought enough urgency to solving the cybersecurity talent shortage,” Chris Young, Intel’s Security Group senior vice president and general manager, said in the press release.
Until government bodies take the necessary measures to help create a more sufficient cybersecurity environment, businesses need to take matters into their own hands and be proactive in their approach to information security – especially when it comes to education awareness and training efforts. At the National Cybersecurity Institute, we help company leaders do just that. We provide a dynamic range of preparation courses for IT certifications and cybersecurity exams. By completing courses such as the (ISC)2 Certified Information Systems Security Professional (CISSP) and CompTIA’s Security+, business professionals will be able to bridge the cybersecurity skills shortage, exercise stronger threat intelligence and cyber safety controls, and reduce the overall chances of their organizations being targets for hackers.