New data demonstrates how the one million unfilled cybersecurity jobs, coupled with the struggle to keep existing professionals up to date in their skills training, are resulting in security breaches. The Information Systems Security Association (ISSA) and analyst firm Enterprise Strategy Group (ESG) published a report from a survey of security professionals worldwide that connects the dots between a lack of staffing and skills and the inability to fend off cyberattacks.
Some 54% of organizations in the study have suffered at least one security event in the past year, and most attribute the events to a lack of security staff or training. About 70% say the cybersecurity skills gap has had an impact on them.
Among the reasons for these security failures: the cybersecurity team isn't big enough (31%); insufficient training for non-technical employees (26%); cybersecurity isn't a high priority for business and executive management (21%). Nearly 55% say their existing cybersecurity teams are facing heavy workloads given the lack of manpower available, such that 35% aren't schooled enough in their security tools to successfully fulfill their jobs.
Security professionals in the study also said they want more help from the government. Some 57% say the government should be "significantly" more involved with cybersecurity strategy and defense, and 32% say "somewhat more active." More than half (54%) want better security information-sharing with private industry; 44% want incentives from the feds to beef up their own security; and 43% want government-funded cybersecurity training and education.
In addition, one-third of the organizations in the survey lack security analysis and investigation skills; 32%, application security skills; 22%, cloud security skills; and 21%, security engineering skills. Last, about one-third report getting hit with ransomware attacks, while nearly 40% say they had to reimage one or more endpoints or servers due to a security incident.