Most Cyber Security Teams Are Understaffed

The effects of the Cornonavirus  have rippled across the world, impacting workforces in nearly every sector, however, according to the findings of the 'State of Cybersecurity 2021' report from ISACA and HCL Technologies, the cyber security workforce has largely been unscathed, although the same challenges in hiring and retention continue at levels similar to years past. 
 
The results show that just 53 percent of the 3,600 information security professionals who participated in the survey say they had difficulty retaining talent last year during the pandemic. This is a four-percentage point decline from the year before, which may have been a side effect of uncertainty amidst Covid-19.   
 
In a climate where remote work became much more prevalent, those citing “limited remote work possibilities” as a reason for leaving their cyber security role saw a six-percentage point decline (45%) compared to the year before. 
 
Though the cyber security workforce was mainly spared the pandemic devastation experienced by other sectors, the survey found that long-standing issues persist, including:
 
  • 61% of respondents indicate that their cyber security teams are understaffed.
  • 55% say they have unfilled cyber security positions.
  • 50%t say their cyber security applicants are not well qualified.
  • Only 31% say HR regularly understands their cyber security hiring needs.
 
“Making a meaningful difference in addressing the persistent skills gaps in the cybersecurity workforce will require a collaborative and concerted effort between government, academia and industry,” says Renju Varghese, Fellow & Chief Architect at HCL Technologies. “Through strategic partnerships and outreach, we will be able to not only better prepare graduates coming out of university programs but also equip a wide range of candidates from non-traditional paths with the skills needed to succeed in a cyber security career.”
 
Despite the high demand for cyber security jobs, 50 percent of those surveyed generally do not believe that their applicants are well qualified. 
 
Additionally, only 27% of survey respondents say that recent graduates in cyber security are well-prepared, though 58%  indicate that they require a degree for entry-level cyber security positions. Respondents note that they also seek prior hands-on cybersecurity experience (95%), credentials (89%) and hands-on training (81%) when determining whether a candidate is qualified. 
 
The top three skills gaps they see in candidates are soft skills (56 percent), security controls (36 percent) and software development (33 percent), which organisations are addressing by:  
  • Training non-security staff who are interested in moving to security roles (43 percent)
  • Increasing usage of contract employees or outside contractors (37 percent)
  • Increasing use of re-skilling programs (23 percent)
  • Increasing use of performance-based training to build hands-on skill (22 percent)
  • Increasing reliance on AI/automation (22 percent)
 
These findings show that retention issues and increased cyber attacks are related. Sixty-eight percent of respondents who experienced more cyber attacks in the past report being somewhat or significantly understaffed. Sixty-three percent who experienced more cyber-attacks in the past indicated they have experienced difficulties retaining qualified cyber security professionals. 
 
ISACA:          Help Net Security    MorningStar:     
 
You Might Also Read: 
 
Hiring Good Cyber Security Professionals Is Hard Work:
 
 
« Russian Hackers Have Updated Their Techniques
Dutch Cyber Security Under Threat »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Fortinet

Fortinet

Fortinet is a provider of network security systems. Our products provide protection against dynamic security threats while simplifying the IT security infrastructure.

Gate 15

Gate 15

Gate 15 provide risk management services focusing primarily on information, intelligence and threat analysis, operational support and preparedness.

PrimeKey

PrimeKey

PrimeKey provides organisations with the ability to implement security solutions such as e-ID, e-Passports, authentication, digital signatures, unified digital identities and validation.

SoftLock

SoftLock

Softlock is a regional leader in Information Security providing solutions, consulting, integration and testing services to protect information assets, identities and supporting infrastructure.

OGiTiX

OGiTiX

OGiTiX Software AG is a German software manufacturer specializing in Identity and Access Management.

Brighter AI

Brighter AI

Brighter AI empowers companies to use publicly-recorded camera data for analytics & AI while being compliant with increasing data privacy regulations worldwide.

Desec Security

Desec Security

Desec's training platform allows professionals around of the world to acquire knowledge and practical experience in Information Security.

Arctic Wolf Networks

Arctic Wolf Networks

Arctic Wolf Networks delivers the industry-leading security operations center (SOC)-as-a-service that redefines the economics of cybersecurity.

Xscale Accelerator

Xscale Accelerator

Xscale's vision is to create world-class startups out of India by transforming sales and providing access to global markets.

Island

Island

Island puts the enterprise in complete control of the browser, delivering a level of governance, visibility, and productivity that simply weren’t possible before.

Cloud Seguro

Cloud Seguro

Cloud Seguro are leaders in the development of cloud solutions, Ethical Hacking, Privacy and Information Security.

SoftwareONE

SoftwareONE

SoftwareONE is a leading global provider of end-to-end software and cloud technology solutions.

BARR Advisory

BARR Advisory

At BARR Advisory, we build trust through cyber resilience. We help protect the world’s data, people, and information networks through a human-first approach to cybersecurity and compliance.

Mediatech

Mediatech

Mediatech, specialized in managed Cybersecurity and Cloud services, a single point of contact for your company's IT and infrastructure.

Tychon

Tychon

Tychon develops advanced enterprise endpoint management technology that enables commercial and government organizations to bridge the gap between security and IT operations.

Rapifuzz

Rapifuzz

At Rapifuzz, our goal is to help organizations test and secure their APIs enabling trust, innovation and Seamless Secured Digital Experiences.