Most Cyber Security Teams Are Understaffed

The effects of the Coronavirus have rippled across the world, impacting workforces in nearly every sector. However, according to the findings of the 'State of Cybersecurity 2021' report from ISACA and HCL Technologies, the cyber security workforce has been largely unscathed, although the same challenges in hiring and retention continue at levels similar to years past.
 
The results show that just 53 percent of the 3,600 information security professionals who participated in the survey say they had difficulty retaining talent last year during the pandemic. This is a four-percentage-point decline from the year before, which may have been a side effect of uncertainty amidst Covid-19.

In a climate where remote work became much more prevalent, the share of those citing “limited remote work possibilities” as a reason for leaving their cyber security role saw a six-percentage-point decline (45%) compared to the year before.
 
Though the cyber security workforce was mainly spared the pandemic devastation experienced by other sectors, the survey found that long-standing issues persist, including:
 
  • 61% of respondents indicate that their cyber security teams are understaffed.
  • 55% say they have unfilled cyber security positions.
  • 50% say their cyber security applicants are not well qualified.
  • Only 31% say HR regularly understands their cyber security hiring needs.
 
“Making a meaningful difference in addressing the persistent skills gaps in the cybersecurity workforce will require a collaborative and concerted effort between government, academia and industry,” says Renju Varghese, Fellow & Chief Architect at HCL Technologies. “Through strategic partnerships and outreach, we will be able to not only better prepare graduates coming out of university programs but also equip a wide range of candidates from non-traditional paths with the skills needed to succeed in a cyber security career.”
 
Despite the high demand for cyber security jobs, 50 percent of those surveyed generally do not believe that their applicants are well qualified. 
 
Additionally, only 27% of survey respondents say that recent graduates in cyber security are well-prepared, though 58% indicate that they require a degree for entry-level cyber security positions. Respondents note that they also seek prior hands-on cybersecurity experience (95%), credentials (89%) and hands-on training (81%) when determining whether a candidate is qualified.
 
The top three skills gaps they see in candidates are soft skills (56 percent), security controls (36 percent) and software development (33 percent), which organisations are addressing by:  
  • Training non-security staff who are interested in moving to security roles (43 percent)
  • Increasing usage of contract employees or outside contractors (37 percent)
  • Increasing use of re-skilling programs (23 percent)
  • Increasing use of performance-based training to build hands-on skill (22 percent)
  • Increasing reliance on AI/automation (22 percent)
 
These findings show that retention issues and increased cyber attacks are related. Sixty-eight percent of respondents who experienced more cyber attacks in the past report being somewhat or significantly understaffed. Sixty-three percent who experienced more cyber attacks in the past indicated they have experienced difficulties retaining qualified cyber security professionals.
 
ISACA, Help Net Security, MorningStar
 