18 August 2016
One-in-four organisations admitted they have lost proprietary data because of their lack of cyber security skills.
The demand for cyber security professionals is outpacing the supply of qualified workers, with highly technical skills the most in need, according to new research.
In its Hacking Skills Shortage report carried out in partnership with the Centre for Strategic and International Studies (CSIS), Intel Security outlined the talent shortage crisis impacting the cyber security industry across both companies and nations.
The research was based on a survey of 575 IT decision-makers involved in cyber security within public and private sector organisations with at least 500 employees. Respondents were from across the US, UK, France, Germany, Australia, Japan, Mexico and Israel.
Eighty-two per cent admitted to a shortage of cyber security skills, with 71 per cent blaming this for direct and measurable damage to organisations whose lack of talent makes them more desirable hacking targets.
Despite one-in-four respondents confirming their organisations have lost proprietary data as a result of their cyber security skills gap, Intel said there are no signs of this workforce shortage abating in the near-term.
In 2015, 209,000 cyber security jobs went reportedly unfilled in the US alone. Respondents surveyed estimated an average of 15 per cent of cyber security positions in their company will remain vacant by 2020.
“We absolutely must diversify our ranks”
More than three-quarters of respondents said their governments are not investing sufficiently in building cyber security talent. Intel Security Group SVP and GM Chris Young agreed. He said that while there has been a great deal of talk, governments and the private sector haven’t brought enough urgency to solving the talent shortage.
“To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the frontline. Finally, we absolutely must diversify our ranks.”
In fact, the study found that skills such as intrusion detection, secure software development and attack mitigation were far more valued than softer skills including collaboration, leadership and effective communication.
More than half of respondents believe that the cyber security skills shortage is worse than talent deficits in other IT professions. While this places an emphasis on continuous education and training opportunities, only 23 per cent said education programmes are preparing students to enter the industry.
Furthermore, almost half of respondents cited lack of training or qualification sponsorship as common reasons for talent departure.
The report revealed that non-traditional methods of practical learning – such as hands-on training, gaming and technology exercises and hackathons – may be a more effective way to acquire and grow cybersecurity skills.
Intel makes a number of recommendations for moving forward.
For instance, it believes the minimum credentials for entry-level cyber security jobs should be re-defined, and that non-traditional sources of education should be accepted.
The company also said that there should be more opportunities for external training, attack data should be collected, and better metrics should be developed to quickly identify threats.
