
Work in cybersecurity? 59% of organisations have unfilled security positions

18 Apr 2018

If you’re not qualified in cybersecurity, research suggests that you should be, as it’s certainly a ‘buyers’ market’.

ISACA has released part one of its annual ‘State of Cybersecurity’ report for 2018, detailing workforce development, staffing, budget, and organisation of security teams around the world.

According to the report, enterprises continue to struggle with funding, staffing and retaining an adequate security workforce. In fact, 59 percent reported that they had unfilled (open) cybersecurity/information security positions within their organisation, while the majority (26 percent) stated it takes on average six months or more to fill a cybersecurity/information security position.

Of course, this is nothing new, as previous years’ results of the survey (and various others) have highlighted the issue, but ISACA says this year’s findings uncover additional characteristics of the skills gap, with several contributing or potentially exacerbating factors that impact security staffing, skill building and talent retention.

The key findings included both positive and negative points: while the skills challenges remain, they are better understood.

This means that while the skills gap continues unabated and enterprises still have open security positions, the time to fill them appears to have decreased slightly.

Demand is greatest for skilled technical resources at the individual-contributor level, rather than the management or executive level. For job seekers, technical skills are a strong differentiator—especially those that can be objectively demonstrated.

Gender disparity is present but ISACA affirms it can be mitigated. Men perceive similar opportunities in security careers, regardless of gender; however, their perceptions are not shared by women colleagues. Active enterprise diversity efforts help to equalise (but do not fully mitigate) this disparity.

In a positive trend, budgets are on the rise. Last year’s survey results showed that budgets were expanding but at a slower rate compared to previous years (50 percent predicted that budgets would grow). This year, budget expansion will increase at a higher rate than last year and the year before that, with 64 percent of respondents indicating that their security budgets will expand.

Respondents are also slightly more confident than last year in terms of security preparedness as they are encouraged by how it is being prioritised within their enterprises.

Despite this, ISACA asserts the results suggest a lack of consensus about organisational placement (i.e. reporting structure) for security teams, and a wide array of approaches are in active use.

Reporting on the findings, Skillsoft digital skills VP Emily Wiese says digitalisation is commonplace in today’s business world - and so is the resulting skills gap.

“Many organisations are struggling with effective and efficient digital adoption because they expect employees to adapt to these technical changes on their own. It is the employer’s responsibility to provide adequate training and resources for tools they expect their employees to use,” says Wiese.

“Furthermore, assessment and accountability should be built into this training so that employers can quantify results and identify areas for improvement. It’s not as simple as offering one-off digital skills training courses or developing an open-ended mandate that all employees must understand and use the tools available to them. Instead, organisations must implement holistic, strategic training processes and they must track the success of these programmes.”

ISACA sent the survey to a global population of cybersecurity professionals who hold ISACA’s Certified Information Security Manager and/or Cybersecurity Nexus Practitioner (CSX Practitioner) designations and individuals in information security positions. A total of 2,366 individuals participated in the survey and their responses are included in the results.
