The dearth of trained cybersecurity professionals is having a direct and measurable negative impact on organizations and many companies are addressing this shortfall by outsourcing some their cybersecurity work, according to a new report.
The international study called Hacking the Skills Shortage conducted by Intel and the Center for Strategic and International Studies found that 82 percent of those surveyed said there was a shortage of those with cybersecurity skills with 71 percent noting that this shortage is leading to “direct and measureable damage to organizations whose lack of talent makes them more desirable hacking targets.”
“A shortage of people with cybersecurity skills results in direct damage to companies, including the loss of proprietary data and IP,” said James A Lewis, senior vice president and director of the Strategic Technologies Program at CSIS, said in a statement.
The Intel survey noted that as of 2015 there was a 209,000 cybersecurity jobs went unfilled in the United States alone.
"Our data shows it is definitely a growing part of the labor market based on job postings. Since 2015 we've seen about a 50 percent gain in the share of job postings in cybersecurity. It's a relatively small share, but clearly a fast growing space,” Daniel Culbertson, U.S. Economist for job site Indeed, told SCMagazine in an email, adding based on job seeker clicks relative to job postings on Indeed's search engine, there is definitely a shortage of workers looking in this crucial sector.
Source: Hacking the Skills Shortage - Intel and the Center for Strategic and International Studies
The Intel study was comprised of people in the U.S. (200), U.K. (100), France (100), Germany (100), Australia (75), Japan (75), Mexico (75) and Israel (50) all of whom worked for either a public or private organization with at least 500 employees.
Many respondents pointed to educational shortfalls and a lack of government investment not only for creating the current situation and the inability to bridge the staffing gap in the future.
Only 23 percent said education programs are preparing students to enter the industry, adding that non-traditional training methods, such as hands-on training, gaming and hackathons may be a more effective way to acquire and grow cybersecurity skills. Meanwhile, 76 percent said their governments are not investing enough to develop cybersecurity talent.
Until the situation is rectified 63 percent of those asked said they are hiring outsiders to handle at least some of their cybersecurity work.
There were a few bright spots in the report with just over half of the respondents, 55 percent, believing their cybersecurity staffing problems will be rectified within the next five years. For those already working in the field or interested in joining the industry the positive news was pay.
The median cybersecurity salary reported in the surveyed nations is 2.7 times the average wage. In the United States this translates into a salary about $6,500 higher than the average IT worker. A study recently conducted by the jobs website Indeed showed the average salary for security specialists was well over $100,000 in most major American cities.
However, higher pay is certainly an excellent incentive it might not be enough to lure in potential workers.
“The relatively higher salaries for cybersecurity roles is definitely a reflection of the strong demand for employers. But as we've seen with tech roles generally, even higher pay is not necessarily bringing enough skilled workers into the field. Workers, of course, also value other benefits ranging from location to flexibility, so employers can certainly look to other ways of attracting and retaining talent,” Culbertson said.
Even after a suitable candidate is found and hired a company's task must turn to retention, which is also difficult. Intel found that half of those surveyed cited lack of training or qualification sponsorship by the company as a reason why talent leaves for another company.