Dive Brief:
- More than 60% of IT professionals claim security teams are either understaffed or there is a skills gap, according to an (ISC)2 survey of 3,000 IT professionals from the 2017 Global Information Security Workforce. Only one-third of respondents said their company requires a security certificate.
- Nearly half of the respondents said their company does not possess adequate support for IT security training, and only 35% said their company requires IT staff to have security certification.
- Half of respondents believe company leadership does not grasp the need for thorough security measures and therefore leaves gaps in security protocols. There are 400,000 daily potential malware threats, according to the report, and only 11% of respondents said their company can detect a data breach in real time.
Dive Insight:
There are approximately 300,000 open cybersecurity positions in the United States, and by 2022, it is expected to rise to 1.8 million. Meanwhile, spending on cybersecurity products is projected to reach $93 billion by 2018.
Companies are increasingly willing to deploy new devices or begin digital migration as part of their security efforts. Cybersecurity is an ever-evolving field that requires constant updates in IT training, but (ISC)2 found companies have only increased security training by 44%.
Most companies turn to hiring new talent in favor of educating existing talent, according to the survey. The allure of new hires may be attributed to the idea it is more cost effective to hire candidates with new expertise, but 40% of CIOs claim salary demands are the largest barrier to hiring tech talent.
Finding top talent is critical for a company's digital safety because malware and ransomware attacks are increasingly common. Although some of these attacks, like May's WannaCry, were the result of vulnerabilities in old software, it is the responsibility of IT departments to remain vigilant about device and software updates.
While it is certainly important to have an adequate budget for secure IT infrastructure, ensuring an IT workforce who can use the products in place to defend a company's network is just as critical.