A survey of 3,300 IT professionals by (ISC)² has today revealed that widespread under-funding in training in-house IT talent is contributing to the critical cyber security skills gap.
The report shows that businesses are exposing themselves to cyber threats by ignoring and neglecting IT professionals, with 65% of IT workers reporting their security advice is not followed. Almost half of IT workers say their firms do not invest sufficiently in ensuring their IT staff are security-trained, despite a shortage of cyber security workers across 63% of businesses.
>See also: SMEs do not train staff on cyber security risk
This indicates that the cyber skills deficit is rooted in businesses failing to listen to advice from IT staff and upskill in-house talent. The report suggests this is a leadership issue, with 49% of respondents accusing business leaders of a failure to understand cyber security requirements. The result, according to the report, is that majority of companies are even less able to cope with a cyber attack than they were last year.
In February 2017, (ISC)2 found that the cyber security skills gap will grow to 1.8m by 2022 if current hiring and training trends continue. The latest research is based on responses from more than 3,300 IT professionals from around the world who participated in the 2017 Global Information Security Workforce Study. The report can be download here.
The survey found that 43% of organisation don’t provide adequate resources for security training, and only 35% agreed their security suggestions are acted upon.
It also found that 55% felt their organisation doesn’t require IT staff to earn a security certification, while 63% said their organisation has too few security workers.
Hiring managers rank communication skills (62%) and analytical skills (52%) as their top priority, while IT pros cite cloud computing and security (64%), and risk assessment and management (40%) as top skills needed.
>See also: The importance of creating a cyber security culture
“Our findings suggest too many organisations are fixated on their inability to attract top cybersecurity expertise that they often overlook a tremendous pool of talent already on staff and intimately familiar with their infrastructure and processes,” said (ISC)² CEO David Shearer, CISSP.
“The quickest way for many organisation to protect themselves against cyber threats is through continuous education and empowerment of their IT team. Security is a shared responsibility across any organisation, but unless IT is adequately trained and enable to apply best security practices across all systems, even the best security plan is vulnerable to failure.”
