The struggle to find security 'talent'

Trustwave and Osterman Research have released results of a new study on cybersecurity resource limitations that quantifies the challenges businesses face around recruitment of IT security talent, identification of the skills sets they require, the level of control they have over their IT security budgets, and other pertinent matters related to IT security management. The study reveals that corporate security demands still outpace the available talent at alarming rates.

  • 7 years ago Posted in
Based on an Osterman Research survey of 147 IT security decision makers and influencers, the study shows that a fast-moving confluence of skills shortages, worsening threats and disproportionate spending habits is leaving organisations increasingly vulnerable to data breaches, malware, phishing and a variety of other information security problems that can have serious or even devastating consequences.
 
According to the study, 57 percent of respondents say finding and recruiting IT talent are their biggest challenges. In fact, only eight percent believe three-quarters or more of their staff have the specialised skills and training needed to handle complex issues. The report also shows that throwing bodies at the problem doesn’t cut it -- more than three times as many respondents would rather grow their staff’s skills and expertise than grow the number of people on their team. Further, skills are lacking in key areas with about 40 percent of respondents saying their most inadequate skill sets are in emerging and evolving security threats.
 
Trustwave Senior Vice President of Managed Security Services Chris Schueler, commenting on the study, said “The shortage of staff able to solve complex security issues is an industry problem that continues to worsen, but the way organisations are going about filling this void is all wrong. Typical recruiting methods are not proving fruitful yet we keep seeing enterprises simply throwing bodies at the problem when what is really needed is a better staff training, more budget support to hire the right personnel and additional assistance from experienced third-party experts to help amplify the more complicated and demanding areas of security like testing, monitoring and incident response.”
 
Other key findings from the “Money, Minds and the Masses: A Study of Cybersecurity Resource Limitations” report include:
 
  • A good IT security staffer is hard to find -- Finding and recruiting talented IT security staff members with the right skills sets is a “significant” or “major” challenge for 57 percent of organisations. Retaining these people is also viewed as a difficult problem by more than a third of respondents.
 
  • Most lack essential skills and training -- The majority of respondents believe that less than one-half of their IT security departments have the specialised skills and training to handle complex issues. Only one in nine respondents believe it is “very likely” they will have IT security staff available to meet their security demands in the future.
 
  • A perception of high turnover among IT security staff -- Thirty-six percent of respondents say turnover is higher among IT security professionals than in other parts of the organisation.
 
  • Most lack full control over their IT security budgets -- Only 24 percent of respondents say they have complete control over their annual IT security budget. While another 51 percent they have partial control.
 
  • Some have little to no control -- More alarming, 24 percent believe they have little to no control over their IT security budgets. Seven out of 10 organisations report disagreements between IT and senior management on budget and staffing issues.
 
  • IT security pros have difficulty anticipating future skills needs -- One-third of respondents say they have trouble identifying the IT security skills and competencies they need. Nearly half believe the problem will get worse.
 
Osterman Research President Michael Osterman said, “We are in a time where organisations are facing a serious shortage of IT security staff members, both in the number available to fill vacant positions, and in terms of specialised skill sets that these individuals need to have. Failure to source IT capabilities can lead to a range of problems, resulting in data breaches and compliance violations. Organisations need to ensure their IT departments establish a close relationship with senior management to find ways to solve these shortcomings, whether by finding the right individuals or through hiring managed security services providers that can help address the gaps and increase protections.”   
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...