Corporate security demands are outpacing talent availability, according to a report released Wednesday by Osterman Research and Trustwave. More than half of businesses say finding and recruiting talented IT security staff is a significant or major challenge, while 35% say retaining cybersecurity talent remains a problem, according to the report, which surveyed 147 IT security decision makers and influencers.
IT security teams also lack the skills needed to mitigate increasingly sophisticated cyber attacks, the report found. More than six out of 10 businesses reported that half or fewer of their security employees had specialized skills and training needed to address complex security problems.
What's more, only one out of nine companies said they believe it is "very likely" that they will have IT security staff available to meet the cyber demands of the future.
"We are in a time where organizations are facing a serious shortage of IT security staff members, both in the number available to fill vacant positions, and in terms of specialized skill sets that these individuals need to have," said Osterman Research President Michael Osterman in a press release. "Failure to source IT capabilities can lead to a range of problems, resulting in data breaches and compliance violations."
Security testing, incident response, and threat monitoring are the three IT security areas that require the greatest skillset, the report found. Without a strong security staff, cyberattacks and data breaches could become more common, the report noted.
As of October 2016, there were about 58,000 IT security job openings in the top 10 US metro areas, according to an Indeed.com search cited in the report. Experience was the most important consideration for hiring an IT security professional (83%), followed by certifications (25%), degrees (23%), and competitive success (18%).
Some 36% of organizations said they believe security staff turnover is higher than it is in other parts of the organization.
Job postings in the cybersecurity field have gone up 74% over the past five years--a Cisco report estimates that there are currently 1 million unfilled cybersecurity jobs worldwide. US News and World Report ranked a career in information security analysis fifth on its list of best technology jobs. So, if you're looking to make a career change and ensure job stability, IT security may be the way to go.
Security is not a budget priority for most organizations, the report found. Some 25% said they spend more than one-quarter of their IT budget on security and related expenditures. While 37% of respondents said they spend 10-25% of their IT budget on security, another 37% of organizations said they spend under 10% on these efforts.
"The shortage of staff able to solve complex security issues is an industry problem that continues to worsen, but the way organizations are going about filling this void is all wrong," said Chris Schueler, Trustwave senior vice president of managed security services, in a press release. It's not just about hiring, but about better training and more budget support, Schueler added.
The 3 big takeaways for TechRepublic readers
1. Some 57% of businesses say finding and recruiting talented IT security staff is a large challenge, according to a report released Wednesday from Osterman Research and Trustwave.
2. More than six out of 10 businesses surveyed said that half or fewer of their security employees had specialized skills and training needed to combat complex security problems.
3. There are currently 1 million unfilled cybersecurity jobs worldwide, according to a recent Cisco report, making this a lucrative field for job seekers.
- Help wanted: Universities double down on security to help fill 1 million open jobs (TechRepublic)
- Video: What the Secret Service can teach us about cybersecurity (ZDNet)
- TiaraCon to bring more women into critical, lucrative cybersecurity jobs that are going unfilled (TechRepublic)
- IoT devices can be hacked in minutes, warn researchers (ZDNet)
- What business leaders need to know about the state of cybersecurity (TechRepublic)