Cybersecurity Skills Shortage Holding Steady
The cybersecurity skills shortage is nothing new – I’ve been writing about it for years as have other analysts and researchers. I’ve also done countless presentations on this topic. Here’s a video where I’m interviewed on the cybersecurity skills shortage at the RSA Conference a few years ago. I also presented on this topic at the RSA Conference that same year.
I keep writing about the cybersecurity skills shortage for one consistent and troubling reason – it ain’t getting any better. Here’s a few data points to back up this claim (note: I am an ESG employee):
- As part of ESG’s annual IT spending intentions research, we asked respondents (i.e. about 600 IT and cybersecurity professionals in North America, EMEA, and the Asia Pacific region) to identify the different IT areas where their organization has a “problematic shortage” of skills. Cybersecurity has been identified as the #1 “problematic shortage” area across all of IT for the past 6 years in a row.
- In 2017, 45% of organizations say they have a “problematic shortage” of cybersecurity skills. This is right in line with 2016 (46%), but these last two years represented a big increase. In 2015, 28% of organizations said they had a “problematic shortage” of cybersecurity skills, 25% in 2014, 23% in 2013, and 24% in 2012. The increase over the past two years has me especially concerned.
- In 2016, ESG published a series of research reports on the state of the cybersecurity profession in collaboration with the Information Systems Security Association (ISSA, Note: The reports are available for free download here). Within this project, 437 cybersecurity professionals and ISSA members were asked whether the global cybersecurity skills shortage has impacted the organization they work at. Twenty-nine percent of respondents responded, “yes, significantly,” while another 40% said, “yes, somewhat.”
- When the ISSA members were asked to identify the impact of the cybersecurity skills shortage on their organization:
- 54% say that it increased the workload of the existing cybersecurity staff
- 35% say that they’ve had to hire and train junior staff because they had trouble recruiting and hiring more experienced personnel
- 35% say that a lack of cybersecurity skills has led to an inability to utilize some security technologies to their full potential
It is also worth noting that 25% of respondents say that the skills shortage has resulted in a high “burn out” rate amongst cybersecurity professionals.
All of this data points to a few clear and alarming conclusions:
1. The cybersecurity skills shortage isn’t getting any better.
2. The cybersecurity skills shortage is having a real and measurable impact on my organizations.
To me, these inferences indicate that the cybersecurity skills shortage represents an existential threat to all of us. I hope that Mr. Giuliani gives this serious consideration and develops a strategic plan to address the cybersecurity skills shortage and presents it to President Trump as soon as possible.