The cybersecurity skills gap continues to widen, with serious consequences for organizations worldwide. According to IBM’s 2024 Cost Of A Data Breach Report, more than half of breached organizations now face severe security staffing shortages, a whopping 26.2% increase from the previous year.
And that’s expensive. This skills deficit adds an average of $1.76 million in additional breach costs.
The shortage spans both technical cybersecurity skills and adjacent competencies. Cloud security, threat intelligence analysis and incident response capabilities are in high demand. Equally crucial are skills in data analysis, risk management and compliance expertise.
Critical skills in short supply
According to cybersecurity experts, an incident response specialist is one of the most critical roles for reducing breach impacts. The IBM reports from 2020 and 2022 make it clear that the ability to quickly detect, contain and mitigate breaches can radically reduce costs, and this is still true today.
While a well-rounded security team with diverse skills remains the ideal scenario for most organizations, it remains elusive for many.
Cloud security expertise is also increasingly prized as more organizations migrate data to the cloud.
Strong coding skills for secure development and automation are also in short supply. Proficiency in security information and event management (SIEM) tools and threat-hunting techniques can significantly improve detection and response times.
While technical prowess is crucial, soft skills are also surprisingly important. The number one soft skill, of course, is communication. Cybersecurity pros need to be able to explain complicated security concepts, processes and threats to non-security technical people and non-technical people in the organization.
In incident response scenarios, staying calm under pressure and making sound decisions quickly can make the difference between a contained incident and a full-blown data breach. Problem-solving skills are also essential when teams encounter unfamiliar threats, requiring creative thinking to develop custom containment strategies.
Read the Cost of a Data Breach Report
Red flags in the hiring process
Organizations should be wary of certain traits when building security teams. Rigidity and an unwillingness to learn are major red flags in an industry where the threat landscape evolves constantly. Lone-wolf mentalities are also detrimental, as effective security requires collaboration across multiple disciplines.
Hiring people who can think critically, collaborate effectively and adapt quickly to changing circumstances is critical.
Closing the cybersecurity skills gap
Many organizations are taking a multi-pronged approach to combating the skills shortage. Common strategies include expanding internal training programs, encouraging certifications and partnering with universities to develop cybersecurity curricula.
Innovative companies are leveraging AI to augment their team’s capabilities, allowing human experts to focus on higher-value tasks.
“With the advent of Generative AI, we can provide less experienced staff with insights and recommendations, enabling them to make better decisions,” according to Sam Hector, Senior Strategy Leader at IBM Security. “AI is also enabling better management of complex security environments by identifying misconfigurations and vulnerabilities, either remediating them automatically or recommending how.”
And just as the cost of breaches that result from the skills gap can be measured in dollar terms, so can the savings resulting from AI tools. “Those with extensive use of AI [are] realizing average breach cost savings of $1.9 million,” according to Hector. “And those using AI extensively in prevention workflows specifically were able to save $2.2 million in breach costs on average.”
As the cybersecurity skills shortage persists, organizations must prioritize hiring and upskilling to build robust security teams. Companies can better position themselves to mitigate the costly impact of data breaches by focusing on a mix of technical prowess and essential soft skills. The investment in human capital today could save millions in potential breach costs tomorrow.