Most Cyber Security Teams Are Understaffed

Uploaded on 2021-05-19 in JOBS-Careers, FREE TO VIEW

The effects of the Cornonavirus  have rippled across the world, impacting workforces in nearly every sector, however, according to the findings of the 'State of Cybersecurity 2021' report from ISACA and HCL Technologies, the cyber security workforce has largely been unscathed, although the same challenges in hiring and retention continue at levels similar to years past. 
 
The results show that just 53 percent of the 3,600 information security professionals who participated in the survey say they had difficulty retaining talent last year during the pandemic. This is a four-percentage point decline from the year before, which may have been a side effect of uncertainty amidst Covid-19.   
 
In a climate where remote work became much more prevalent, those citing “limited remote work possibilities” as a reason for leaving their cyber security role saw a six-percentage point decline (45%) compared to the year before. 
 
Though the cyber security workforce was mainly spared the pandemic devastation experienced by other sectors, the survey found that long-standing issues persist, including:
 
  • 61% of respondents indicate that their cyber security teams are understaffed.
  • 55% say they have unfilled cyber security positions.
  • 50%t say their cyber security applicants are not well qualified.
  • Only 31% say HR regularly understands their cyber security hiring needs.
 
“Making a meaningful difference in addressing the persistent skills gaps in the cybersecurity workforce will require a collaborative and concerted effort between government, academia and industry,” says Renju Varghese, Fellow & Chief Architect at HCL Technologies. “Through strategic partnerships and outreach, we will be able to not only better prepare graduates coming out of university programs but also equip a wide range of candidates from non-traditional paths with the skills needed to succeed in a cyber security career.”
 
Despite the high demand for cyber security jobs, 50 percent of those surveyed generally do not believe that their applicants are well qualified. 
 
Additionally, only 27% of survey respondents say that recent graduates in cyber security are well-prepared, though 58%  indicate that they require a degree for entry-level cyber security positions. Respondents note that they also seek prior hands-on cybersecurity experience (95%), credentials (89%) and hands-on training (81%) when determining whether a candidate is qualified. 
 
The top three skills gaps they see in candidates are soft skills (56 percent), security controls (36 percent) and software development (33 percent), which organisations are addressing by:  
  • Training non-security staff who are interested in moving to security roles (43 percent)
  • Increasing usage of contract employees or outside contractors (37 percent)
  • Increasing use of re-skilling programs (23 percent)
  • Increasing use of performance-based training to build hands-on skill (22 percent)
  • Increasing reliance on AI/automation (22 percent)
 
These findings show that retention issues and increased cyber attacks are related. Sixty-eight percent of respondents who experienced more cyber attacks in the past report being somewhat or significantly understaffed. Sixty-three percent who experienced more cyber-attacks in the past indicated they have experienced difficulties retaining qualified cyber security professionals. 
 
ISACA:          Help Net Security    MorningStar:     
 
You Might Also Read: 
 
Hiring Good Cyber Security Professionals Is Hard Work:
 
 
« Russian Hackers Have Updated Their Techniques
Dutch Cyber Security Under Threat »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Secure Thingz

Secure Thingz

Secure Thingz focus on developing and delivering advanced security solutions into the emerging Industrial Internet of Things (IIoT) and Critical Infrastructure markets.

SiteLock

SiteLock

SiteLock is a global leader in website security solutions. We provide affordable, cybersecurity software solutions designed to allow small to midsize businesses to operate without fear of an attack.

Scientific Cyber Security Association (SCSA)

Scientific Cyber Security Association (SCSA)

The main goal of Scientific Cyber Security Association is the development of scientific and practical directions of cyber security.

Sapien Cyber

Sapien Cyber

Sapien Cyber is an Australian company bringing leading-edge cyber security and threat intelligence solutions.

Cyber Threat Defense (CT Defense)

Cyber Threat Defense (CT Defense)

CT Defense specialize in penetration testing and security assessments.

CyberCyte

CyberCyte

CyberCyte provides a disruptive built-in integrated physical, network and perimeter security solution framework.

CRI Group

CRI Group

CRI Group excels at deterring, detecting and investigating crimes against businesses using a global network of professionals specially trained in Anti-Corruption, Risk Management and Compliance.

QuSecure

QuSecure

QuSecure provides a software-driven security architecture that overlays your current infrastructure and provides next-generation security to protect your entire network from quantum threats.

Fibernet

Fibernet

Fibernet's innovative solutions in the fields of cybersecurity and fiber optics range from telecommunications infrastructure to small business cybersecurity.

Zigrin Security

Zigrin Security

Zigrin Security offer comprehensive, hands-on security testing of internal networks, applications, cloud-based solutions, e-commerce applications and mobile devices.

LockMagic

LockMagic

Lockmagic is an information asset management solution to protect, track, audit and control accesses to sensitive information inside and outside your organization.

Google Safety Engineering Center (GSEC)

Google Safety Engineering Center (GSEC)

GSEC Málaga is an international cybersecurity hub where Google experts work to understand the cyber threat landscape and to create tools that keep users around the world safer online.

NSW IT Support

NSW IT Support

NSW IT Support: Your exclusive hub for comprehensive Business IT services in Sydney. Our skilled team ensures seamless technology solutions nationwide, consistently delivering top-tier IT support.

Abstract Security

Abstract Security

Abstract Security has created a revolutionary platform, equipped with an AI-powered assistant, to better centralize the management of security analytics.

CyXcel

CyXcel

CyXcel is a cyber security consulting business grounded in the law which natively fuses crises, legal, technical, and consulting expertise digital networks, information and operational technology.

DOT Europe

DOT Europe

DOT Europe is a consensus based organisation which brings a diverse membership together to agree on their collective stance on EU tech policy.