New report highlights impact of cyber security skills shortage

Reports of cyber hacks are commonplace in the news and recent figures from the IDG show that the cost of cyber crime could hit $6 trillion by 2021. Perhaps a less well-known issue in the public sphere is the cyber security skills shortage. The ISC anticipates a worldwide shortage of 1.8 million cyber security professionals by 2022 but the lack of skills to tackle cyber crime is already causing problems.

A new research report titled The Life and Times of Cybersecurity Professionals, by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) provides great insight from the responses of 343 cyber security professionals and ISSA members.

63% of respondents said that the cyber security skills shortage has increased the workload for existing staff, 41 per cent have had to hire junior personnel instead of more experienced professionals, and 41 per cent said that cyber security professionals spend a disproportional amount of time on incident response and not enough time on planning and strategy. Another finding in the report was that cyber security professionals do not have the time to continuously learn in their job despite conceding that it’s essential to do so in order to mitigate cyber attacks.

This means that many cyber security professionals find themselves a step behind the hackers and are fighting fires rather than proactively strategising how to mitigate future attacks.
The areas where the skills shortage is most acute according to the report include security investigations/analysis (31 per cent), application security (31 per cent), and cloud security (29 per cent).

Jonathan Martin, Cyber Security recruitment expert at Networkers shares how the above skills short areas have translated to job titles employers are seeking to fill right now.

“We are seeing a high demand for security analysts, information assurance consultants and security architects with certifications such as CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) and ISO27001 experience.”

“Whilst there’s not many fully trained cyber security professionals in the market, companies need to take the initiative and offer opportunities for existing IT individuals who show an interest in cyber security and support them to move into this exciting area with the right training.”

The pressure on cyber security professionals looks set to intensify due to the ongoing skills shortage. But it also presents great opportunities for IT professionals who want to play a front line role in an area of IT which is very relevant and will make a real difference to wider society. The opportunity to continuously learn is paramount for cyber security teams to get ahead of hackers and future proof the security of systems and data in their organisations.

View our latest Cyber Security jobs