Nearly half of U.S. and UK companies do not have access to an in-house cybersecurity professional within their IT department, according to a recent survey.
IT software firm Spiceworks found that 29 percent of IT professionals at midsize and enterprise organizations said an in-house cybersecurity professional works in their IT department, and 55 percent of the IT pros said they do not have regular access to either an in-house or third-party cybersecurity professional.
Only 7 percent of IT pros said their company has a cybersecurity professional on its executive team. A separate poll conducted by Spiceworks in May confirmed these findings. In that study, 67 percent of IT professionals said they possess no information security certifications.
Among companies that do not have an in-house security pro, most participants said they expect their company plans to hire or contract a cybersecurity professional in the next 12 months.
However, the decision to retain cybersecurity personnel is easier said than done, as many employers report difficulty finding qualified information security candidates to fill positions.
“With more organizations competing for the same talent, we're starting to see a severe shortage, which is just going to get worse, wrote Sean Costello, senior vice president of North America at Experis, in an email obtained by SCMagazine.com. “Companies need to get ahead of this trend and start thinking more about development and how they will resource their growing talent needs going forward.”
The lack of skilled cybersecurity personnel has led to unfortunate consequences at the companies that do not retain cybersecurity professionals. Case in point, according to a survey published Tuesday by Skyhigh Networks and the Cloud Security Alliance, nearly 30 percent of information technology professionals have admitted to ignoring security alerts due to the high volume of false positive.
“You've seen a lot of well-known companies that have experienced leaked data or a breach,” Spiceworks IT analyst Peter Tsai told SCMagazine.com. In many cases, companies received significant fines because they did not adhere to industry standards, he noted.“Hiring somebody who is well-versed in information security is needed,” Tsai said, although he noted that education of all employees within an organization is also essential. “The end user is always the weakest link in the chain,” he said.