Light Dark
September 15, 2017 By Mark Samuels 3 min read

Too many businesses are not leveraging the capabilities of their existing IT professionals and fail to provide high-quality training that will boost business preparedness for the ever-increasing cybersecurity threat.

The 2017 Global Information Security Workforce Study by nonprofit membership association (ISC)² suggested that organizations need to direct attention to education and authority. As many as 43 percent of the 3,300 IT professionals worldwide who responded to the survey reported that their organization does not provide adequate security training resources.

Experts warned that a failure to deal with the ever-present security risk could lead to businesses becoming exposed. IT and human resources managers must ensure that in-house workers receive high-quality training, such as certification programs, and they should ensure external candidates have strong cybersecurity capabilities.

Why Are Organizations Failing to Make the Most of Their Talent?

The research highlighted how strong cybersecurity remains a work in progress for many organizations. Just 35 percent of technology workers reported that their suggestions for improved security are acted upon by the rest of the business.

More worryingly still, the research indicated that organizations’ ability to fend off cybercriminals has reduced during the past year. Such is the lack of preparedness for an external threat that 51 percent of IT professionals said they believed their organization’s systems are less capable of defending a cyberattack than 12 months ago.

When it comes to taking proactive steps to manage the threat, David Shearer, chief executive of (ISC)², said too many businesses fail to use the talent they already hold. In-house IT teams will already be aware of the systems and processes within the businesses and will have a good foundation from which to learn more skills.

What Steps Can IT Professionals Take to Boost Internal Skills?

Shearer said the fastest way for most businesses to improve their security stance is to provide ongoing training to retain IT professionals, reported Business Insider. He also said that technology systems and services underlie all modern business operations, and well-trained technology workers provide the best means to ensure security plans are not undermined.

The research indicated that there is much work to be done in terms of training and development. More than half (55 percent) of IT professionals said their organization does not ask its technology workers to receive a security certification. Sixty-three percent said their company simply does not have enough IT security staff.

Alongside the research, (ISC)² announced a new pathway for its Systems Security Certified Practitioner (SSCP) certification to help organizations improve cybersecurity expertise. IT professionals with a computer science degree can now be certified without the one year of paid, full-time work that was previously required to complete SSCP certification.

How Can IT Managers Fill the Cybersecurity Skills Gap?

Experts warned that an IT skills gap in the crucial area of cybersecurity can create immediate and lasting damage to business operations and customer services. Security leaders should use a combination of internal resource development and external recruitment to help prevent cyberattacks.

The (ISC)² research suggested that recruitment managers looking for new staff should view communication skills (62 percent) and analytical skills (52 percent) as the IT skills most in demand. That focus on engagement and analysis is in sharp contrast to the interests of in-house technology workers, who believe new candidates with cloud computing and security (64 percent) are the most welcome additions, followed by applicants skilled in risk assessment and management (40 percent).

IT managers searching for this security talent are likely to face a considerable battle. The skills gap is such that the global cybersecurity workforce shortage is expected to reach 1.8 million by 2022, according to (ISC)² and research from analyst Frost & Sullivan earlier this year. To this end, the analyst discovered 70 percent of employers around the world are planning to increase the size of their cybersecurity capability through 2017.

 | 
Mark Samuels
Tech Journalist

More from

January 2, 2025

Preparing for the future of data privacy

4 min read - The focus on data privacy started to quickly shift beyond compliance in recent years and is expected to move even faster in the near future. Not surprisingly, the Thomson Reuters Risk & Compliance Survey Report found that 82% of respondents cited data and cybersecurity concerns as their organization’s greatest risk. However, the majority of organizations noticed a recent shift: that their organization has been moving from compliance as a “check the box” task to a strategic function.With this evolution in…

December 31, 2024

The 5 most impactful cybersecurity guidelines (and 3 that fell flat)

4 min read - The best cybersecurity guidelines have made a huge difference in protecting data from theft and compromise, both in the United States and around the world.These guidelines are comprehensive sets of recommended practices, procedures and principles designed to help organizations and individual people safeguard their digital assets, systems and data from malicious attacks. They can cover a wide range of practices and exist in part to collect and share best practices and strategies based on industry standards and expert knowledge. Crucially,…

December 30, 2024

CISO vs. CEO: Making a case for cybersecurity investments

4 min read - Ask CISOs why they think there is a cyber skills shortage in their organization, what keeps them up at night or what the most important issue facing the industry is — at some point, even if not the first response, they will bring up budgets.For example, at RSA Conference 2024, a roundtable discussion about issues facing the cybersecurity industry, one CISO stated bluntly that budgets — or lack thereof — are the biggest problem. At a time when everything is…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature