Cyber Skills Gap Grows Along With Threats

A corporate job opening typically draws as many as 250 applicants with varying qualifications.

In stark contrast, a new survey of the growing cyber security skills gap reveals that just over half of US companies looking to fill corporate IT security positions receive five applications. Of those, fewer than one in four candidates possess the qualifications companies are seeking.

"As enterprises invest more resources to protect data, the challenge they face is finding top-flight security practitioners who have the skills needed to do the job," information security executive Christos Dimitriadis told the RSA security conference this week. "When positions go unfilled, organizations have a higher exposure to potential cyber-attacks."

Fifty-five percent of respondents to a cyber security skills survey said they place greatest emphasis on hands-on experience. Nevertheless, 25 percent said candidates lack technical skills. Hence, most recruiters emphasise performance-based certification and training over candidates with college degrees in cyber security.

More than two-thirds of respondents "view certifications as equally, if not more, important as formal education," according to the workforce study released this week by the cyber training and certification group ISACA.

Sensing an opportunity, companies such as IBM have moved to address the cyber security skills gap with automation tools based on its Watson cognitive computing platform. In one scenario, security teams dealing with hundreds of thousands of security events each day could hand off lesser threats to automated systems to reduce the amount of time wasted on false positives.

A new IBM research project code-named Havyn, based on a voice-powered security assistant, leverages Watson conversation technology to respond to verbal commands and natural language from security analysts, the company said.

Indeed, cyber security organisations such as ISACA endorse the use of emerging cognitive tools as a way to close the cyber skills gap and address the more mundane but critical aspects of cyber-security. "Where security operational tasks can be automated, it can decrease the overall burden on staff and thereby help make best use of staff that an organisation already has," the study recommended.

It also recommended that companies take steps to retain and invest in their cyber defenders as demand for those talents increases in parallel with threats to corporate networks.

The urgency to retain cyber specialists was underscored by another finding:

Roughly one in four companies surveyed reported that the time to fill priority cyber-security and information security positions can be at least six months.

In Europe, almost one-third of cyber security job openings remain unfilled, the study found.

Another factor at work in the cyber realm is a phenomenon known as "security fatigue," defined as "weariness or reluctance to deal with computer security."
Hence, unremitting cyber-attacks and the mundane nature of cyber security are contributing to the cyber skills gap, the study warns.

EnterpriseTech:
