Cybersecurity skills gap remains stubbornly large
18 September 2018 | 0
The cybersecurity skills gap has remained stubbornly large, according to the latest report from ISACA.org.
Surveying more than 2,300 cybersecurity professionals globally, the report says that almost 3 in 5 (59%) of organisations have unfilled cyber or information security positions. To add to difficulties, more than half (54%) say that it takes 3 months or more to fill such a position.
The skills gap is most acutely felt for technically skilled staff, as reported by more than three quarters (77%) as opposed to less than half (46%) who said the difficulties were most acute for non-technical staff.
Of the technical staff available, more than a third (39%) said there is an inability among such professionals to understand business needs, while a third said that there were deficiencies in their technical skills.
Gender disparity was identified as a key problem area. The vast majority of male respondents (82%) said that men and women are offered the same opportunities for career advancement in cybersecurity, however, only half (51%) of women said the same. Only half (51%) of respondents said their organisation had gender diversity programmes in place to support women cybersecurity professionals. Furthermore, at organisations where such programmes were in place, 87% of men and 77% women agree that equal opportunities are offered.
According to the report, skills challenges remain but are better understood than previously.
“Enterprises still have open security positions, and the time to fill them appears to have decreased slightly,” says the report. “Demand is greatest for skilled technical resources at the individual-contributor level, rather than the management or executive level. For job seekers, technical skills are a strong differentiator — especially those that can be objectively demonstrated. For enterprises, automating security activities and better, more efficient vetting of security technical personnel may create competitive advantage.”
On gender disparity, there is some room for optimism, as the report suggests that while disparity is present, it can be mitigated. “Men perceive similar opportunities in security careers, regardless of gender; however, their perceptions are not shared by women colleagues. Active enterprise diversity efforts help to equalise (but do not fully mitigate) this disparity.”
While there is much to be done to address the cybersecurity skills gap, there are other positive signs identified by the report. Almost two thirds (64%) said that budgets were increasing, while slightly more (69%) felt their board was sufficiently prioritising cybersecurity issues. And, business and security strategy alignment was perceived as improved by 84% in 2018, compared to 79% in 2017, and 75% in 2016.
However, this global picture translates locally to a similar set of issues. There is a significant shortage of skilled professionals, while organisations, of all sizes, face increasing cybersecurity risks. With gender issues also present, as well as a lack of entrants to the market, the issue requires immediate attention.
To help organisations tackle this situation Technology Ireland ICT Skillnet will hold an event entitled “Filling the Cybersecurity Skills Gap” at the IMI, Dublin on 3 October, which will not only look at the threat landscape but also how to tackle the skills gap that has emerged. The event will launch a new initiative called Cybersecurity Skills Initiative (CSI) which will attract new talent to the field, and brings together a broad coalition of industry, academic and government partners to be led by Skillnet Ireland.
This is a free event but registration is required.