The high cost of the IT security talent shortage
By Digital News Asia August 24, 2016
- 68.5% of companies expect a rise in the number of full-time security experts
- On average, only one applicant out of forty, meets the strict criteria for an expert position
BUSINESSES that struggle to attract skilled IT security experts end up paying up to three times more to recover from a cybersecurity incident.
Overall, 68.5% of companies expect an increase in the number of full-time security experts, with 18.9% expecting a significant increase in headcount. Thirty-three percent of businesses worldwide see improving specialist security expertise as one of the Top 3 drivers of IT security investment. Approximately half of businesses admit there is a talent shortage and growing demand for specialists.
This is one of the key findings of a report prepared by Kaspersky Lab, based on the experience of company experts and data from the 2016 Corporate IT Security Risks survey.
A significant share of businesses is also seeing a growth in wages, a general shortage in expert availability, and the need for more specialists in the field.
Forty percent of companies cite increased infrastructure complexity as a major driver for increasing IT security budgets. It’s still hard to estimate ROI for security efforts, but companies are moving ahead nevertheless. Sixty-two percent of large companies and 59% of SMBs will continue investment in IT security regardless of the ability to measure return.
On average, 15% of talent in an IT department of a large company is dedicated to security. SMBs in comparison have only two security experts out of a team of 16 IT professionals. 68.5% of businesses expect an increase, of them 18.9% think their IT security department will grow significantly (27% of enterprises, 22% SMBs), with 4.1% expecting their headcount to double over the next three years.
The growing demand is not easy to fulfill due to a lack of available specialists and increasingly complex requirements.
Kaspersky Lab's recruitment managers report that on average, only one applicant out of forty, meets the strict criteria for an expert position as managers’ duties include communication with top management and overseeing the overall strategy.
One of the solutions is to aid universities with relevant experience. Anothe is to adapt R&D efforts towards the effective sharing of intelligence with corporate customers in the form of threat data feeds, security training and services.
Kaspersky Lab Enterprise Business vice president Veniamin Levtsov feels that there is a need to provide customers with the skills and training required to identify on-going attacks.
He went on to explain that detailed knowledge about attacks on other businesses, in the form of intelligence reports, is necessary, along with actionable, machine-readable data about on-going threats.
Solving the different challenges of threat prevention, the detection of targeted attacks, incident response and prediction requires a lot of flexibility.
Among many projects to support this initiative we are developing IT Security Fundamentals – an educational course that will hopefully help more IT professionals to start their journey in the field of security expertise”.
The full report titled “Lack of security talent: an unexpected threat to corporate cybersafety” is available here.
Kaspersky Lab has launched Talent Lab for university students and young professionals to help them start their career in the field of IT Security. More information about the program can be found at academy.kaspersky.com/talentlab
Kaspersky Lab broadens cooperation with Interpol, Europol
Kaspersky Lab uncovers 'The Mask,' advance global cyber-espionage ops
Cyber-espionage and weapons on the rise in Q1: Kaspersky
Visualisation and third-party hosting pose security risks: Kaspersky
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.