November 5, 2024 By Mike Elgan 2 min read

The cybersecurity skills gap continues to widen, with serious consequences for organizations worldwide. According to IBM’s 2024 Cost Of A Data Breach Report, more than half of breached organizations now face severe security staffing shortages, a whopping 26.2% increase from the previous year.

And that’s expensive. This skills deficit adds an average of $1.76 million in additional breach costs.

The shortage spans both technical cybersecurity skills and adjacent competencies. Cloud security, threat intelligence analysis and incident response capabilities are in high demand. Equally crucial are skills in data analysis, risk management and compliance expertise.

Critical skills in short supply

According to cybersecurity experts, an incident response specialist is one of the most critical roles for reducing breach impacts. The IBM reports from 2020 and 2022 make it clear that the ability to quickly detect, contain and mitigate breaches can radically reduce costs, and this is still true today.

While a well-rounded security team with diverse skills remains the ideal scenario for most organizations, it remains elusive for many.

Cloud security expertise is also increasingly prized as more organizations migrate data to the cloud.

Strong coding skills for secure development and automation are also in short supply. Proficiency in security information and event management (SIEM) tools and threat-hunting techniques can significantly improve detection and response times.

While technical prowess is crucial, soft skills are also surprisingly important. The number one soft skill, of course, is communication. Cybersecurity pros need to be able to explain complicated security concepts, processes and threats to non-security technical people and non-technical people in the organization.

In incident response scenarios, staying calm under pressure and making sound decisions quickly can make the difference between a contained incident and a full-blown data breach. Problem-solving skills are also essential when teams encounter unfamiliar threats, requiring creative thinking to develop custom containment strategies.

Read the Cost of a Data Breach Report

Red flags in the hiring process

Organizations should be wary of certain traits when building security teams. Rigidity and an unwillingness to learn are major red flags in an industry where the threat landscape evolves constantly. Lone-wolf mentalities are also detrimental, as effective security requires collaboration across multiple disciplines.

Hiring people who can think critically, collaborate effectively and adapt quickly to changing circumstances is critical.

Closing the cybersecurity skills gap

Many organizations are taking a multi-pronged approach to combating the skills shortage. Common strategies include expanding internal training programs, encouraging certifications and partnering with universities to develop cybersecurity curricula.

Innovative companies are leveraging AI to augment their team’s capabilities, allowing human experts to focus on higher-value tasks.

“With the advent of Generative AI, we can provide less experienced staff with insights and recommendations, enabling them to make better decisions,” according to Sam Hector, Senior Strategy Leader at IBM Security. “AI is also enabling better management of complex security environments by identifying misconfigurations and vulnerabilities, either remediating them automatically or recommending how.”

And just as the cost of breaches that result from the skills gap can be measured in dollar terms, so can the savings resulting from AI tools. “Those with extensive use of AI [are] realizing average breach cost savings of $1.9 million,” according to Hector. “And those using AI extensively in prevention workflows specifically were able to save $2.2 million in breach costs on average.”

As the cybersecurity skills shortage persists, organizations must prioritize hiring and upskilling to build robust security teams. Companies can better position themselves to mitigate the costly impact of data breaches by focusing on a mix of technical prowess and essential soft skills. The investment in human capital today could save millions in potential breach costs tomorrow.

More from Data Protection

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today