Most Cyber Security Teams Are Understaffed

Uploaded on 2021-05-19 in JOBS-Careers, FREE TO VIEW

The effects of the Cornonavirus  have rippled across the world, impacting workforces in nearly every sector, however, according to the findings of the 'State of Cybersecurity 2021' report from ISACA and HCL Technologies, the cyber security workforce has largely been unscathed, although the same challenges in hiring and retention continue at levels similar to years past. 
 
The results show that just 53 percent of the 3,600 information security professionals who participated in the survey say they had difficulty retaining talent last year during the pandemic. This is a four-percentage point decline from the year before, which may have been a side effect of uncertainty amidst Covid-19.   
 
In a climate where remote work became much more prevalent, those citing “limited remote work possibilities” as a reason for leaving their cyber security role saw a six-percentage point decline (45%) compared to the year before. 
 
Though the cyber security workforce was mainly spared the pandemic devastation experienced by other sectors, the survey found that long-standing issues persist, including:
 
  • 61% of respondents indicate that their cyber security teams are understaffed.
  • 55% say they have unfilled cyber security positions.
  • 50%t say their cyber security applicants are not well qualified.
  • Only 31% say HR regularly understands their cyber security hiring needs.
 
“Making a meaningful difference in addressing the persistent skills gaps in the cybersecurity workforce will require a collaborative and concerted effort between government, academia and industry,” says Renju Varghese, Fellow & Chief Architect at HCL Technologies. “Through strategic partnerships and outreach, we will be able to not only better prepare graduates coming out of university programs but also equip a wide range of candidates from non-traditional paths with the skills needed to succeed in a cyber security career.”
 
Despite the high demand for cyber security jobs, 50 percent of those surveyed generally do not believe that their applicants are well qualified. 
 
Additionally, only 27% of survey respondents say that recent graduates in cyber security are well-prepared, though 58%  indicate that they require a degree for entry-level cyber security positions. Respondents note that they also seek prior hands-on cybersecurity experience (95%), credentials (89%) and hands-on training (81%) when determining whether a candidate is qualified. 
 
The top three skills gaps they see in candidates are soft skills (56 percent), security controls (36 percent) and software development (33 percent), which organisations are addressing by:  
  • Training non-security staff who are interested in moving to security roles (43 percent)
  • Increasing usage of contract employees or outside contractors (37 percent)
  • Increasing use of re-skilling programs (23 percent)
  • Increasing use of performance-based training to build hands-on skill (22 percent)
  • Increasing reliance on AI/automation (22 percent)
 
These findings show that retention issues and increased cyber attacks are related. Sixty-eight percent of respondents who experienced more cyber attacks in the past report being somewhat or significantly understaffed. Sixty-three percent who experienced more cyber-attacks in the past indicated they have experienced difficulties retaining qualified cyber security professionals. 
 
ISACA:          Help Net Security    MorningStar:     
 
You Might Also Read: 
 
Hiring Good Cyber Security Professionals Is Hard Work:
 
 
« Russian Hackers Have Updated Their Techniques
Dutch Cyber Security Under Threat »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Covenco

Covenco

Covenco is a data management and IT infrastructure specialist. Working with customers to transform their IT environments, with data protection and security at the forefront of everything we do.

Cigniti Technologies

Cigniti Technologies

Cigniti Technologies provides Independent Software Testing (IST) Services including software security testing.

PCI Compliance Guide

PCI Compliance Guide

The PCI Compliance Guide is one of the leading educational websites available focused exclusively on PCI compliance.

The Open Group

The Open Group

The Open Group: Leading the development of open, vendor-neutral IT standards and certifications.

TrustInSoft

TrustInSoft

TrustInSoft develops solutions that validate mission-critical software and eliminate attack vectors.

YouWipe

YouWipe

Scandinavian Data Erasure Leader YouWipe is the number one choice of European Ministries, European Central Banks, Swiss Pharmaceuticals and Major Electronics Retail Chains.

SecZetta

SecZetta

SecZetta provides third-party identity risk solutions that are easy to use, and purpose built to help organizations execute risk-based identity access and lifecycle strategies.

Transmit Security

Transmit Security

The Transmit Security Platform provides a solution for managing identity across applications while maintaining security and usability.

Fortified Health Security

Fortified Health Security

Fortified’s team of cybersecurity specialists is dedicated to helping healthcare providers, payers and business associates protect their patient data across the Fortified Healthcare Ecosystem.

FCI

FCI

FCI is a NIST-Based Managed Security Service Provider (MSSP) offering Cybersecurity Compliance Enablement Technologies & Services to Financial Services organizations.

Regtank Technology

Regtank Technology

Regtank is a one-stop compliance solution for fintechs, navigating compliance, security and risk management.

Quzara

Quzara

Quzara provides trusted advisory services and highly adaptive cybersecurity services to federal, commercial and Defense Industrial Base customers to meet their security compliance and cyber needs.

Anatomy IT

Anatomy IT

Anatomy IT empowers healthcare providers to deliver exceptional patient care with cutting-edge technology and cybersecurity solutions.

GeoComply

GeoComply

GeoComply provides fraud prevention and cybersecurity solutions that detect location fraud and help verify a user's true digital identity.

Invisily

Invisily

Invisily makes enterprise and cloud computing resources invisible to attackers with zero trust solutions, making them visible only when needed to only those who need them.

Dispel

Dispel

Dispel makes the fastest secure remote access for industrial networks. Built by operators for operators: a zero trust engine for your entire OT, IoT, and xIoT stack.