Most Cyber Security Teams Are Understaffed
Uploaded on 2021-05-19 in JOBS-Careers, FREE TO VIEW
The effects of the Cornonavirus have rippled across the world, impacting workforces in nearly every sector, however, according to the findings of the 'State of Cybersecurity 2021' report from ISACA and HCL Technologies, the cyber security workforce has largely been unscathed, although the same challenges in hiring and retention continue at levels similar to years past.
The results show that just 53 percent of the 3,600 information security professionals who participated in the survey say they had difficulty retaining talent last year during the pandemic. This is a four-percentage point decline from the year before, which may have been a side effect of uncertainty amidst Covid-19.
In a climate where remote work became much more prevalent, those citing “limited remote work possibilities” as a reason for leaving their cyber security role saw a six-percentage point decline (45%) compared to the year before.
Though the cyber security workforce was mainly spared the pandemic devastation experienced by other sectors, the survey found that long-standing issues persist, including:
- 61% of respondents indicate that their cyber security teams are understaffed.
- 55% say they have unfilled cyber security positions.
- 50%t say their cyber security applicants are not well qualified.
- Only 31% say HR regularly understands their cyber security hiring needs.
“Making a meaningful difference in addressing the persistent skills gaps in the cybersecurity workforce will require a collaborative and concerted effort between government, academia and industry,” says Renju Varghese, Fellow & Chief Architect at HCL Technologies. “Through strategic partnerships and outreach, we will be able to not only better prepare graduates coming out of university programs but also equip a wide range of candidates from non-traditional paths with the skills needed to succeed in a cyber security career.”
Despite the high demand for cyber security jobs, 50 percent of those surveyed generally do not believe that their applicants are well qualified.
Additionally, only 27% of survey respondents say that recent graduates in cyber security are well-prepared, though 58% indicate that they require a degree for entry-level cyber security positions. Respondents note that they also seek prior hands-on cybersecurity experience (95%), credentials (89%) and hands-on training (81%) when determining whether a candidate is qualified.
The top three skills gaps they see in candidates are soft skills (56 percent), security controls (36 percent) and software development (33 percent), which organisations are addressing by:
- Training non-security staff who are interested in moving to security roles (43 percent)
- Increasing usage of contract employees or outside contractors (37 percent)
- Increasing use of re-skilling programs (23 percent)
- Increasing use of performance-based training to build hands-on skill (22 percent)
- Increasing reliance on AI/automation (22 percent)
These findings show that retention issues and increased cyber attacks are related. Sixty-eight percent of respondents who experienced more cyber attacks in the past report being somewhat or significantly understaffed. Sixty-three percent who experienced more cyber-attacks in the past indicated they have experienced difficulties retaining qualified cyber security professionals.
You Might Also Read: