The IT skills shortage is becoming critical, and the lack of suitably skilled cybersecurity expertise means business are being attacked.

More than half of organizations (54 percent) experienced at least one type of security incident in the past year, according to research from the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA). Their report, “Through the Eyes of Cyber Security Professionals,” found that a major contributory factor is the IT skills shortage. Almost one-third (31 percent) of cybersecurity professionals said their teams are not large enough for the size of their organization.

The results tally with recent research from Intel and the Center for Strategic and International Studies (CSIS). That survey highlighted how 1 in 4 IT decision-makers believed their organizations had lost proprietary data due to the cybersecurity skills gap. The message emerging from both analyses is similar: Organizations that are ill prepared in terms of human resources are most likely to see their data exposed.

How Critical Is the IT Skills Shortage?

The results should raise an alarm among senior business executives, Infosecurity Magazine reported. More than half (54 percent) of respondents to the ESG and ISSA survey said the cybersecurity skills gap has resulted in an increased workload for staff. Additionally, over one-third (35 percent) said the IT skills shortage forced them to hire and train junior employees rather than bring on more experienced cybersecurity professionals.

About two-thirds (65 percent) of respondents said they did not have a clearly defined career path. ESG and ISSA suggested this lack of structure is due to the diversity of cybersecurity areas, the lack of professional standards and rapid changes in the field, Infosecurity Magazine noted.

The survey also noted that organizations are particularly deficient in areas that require a heavy degree of expertise. As many as 32 percent faced skills shortages with application security, for examples, while 22 percent claimed to have a shortage of cloud security skills and 21 percent lacked security engineering expertise.

Are Executives Aware of the Problem?

Perhaps the most alarming feature of the research is that the external security threat is still not considered an urgent issue. Despite tremendous media hype and a series of high-profile incidents, 21 percent said that executive management treated cybersecurity as a low priority, which in turn could lead to serious security problems.

Those results are in sharp contrast to the earlier Intel and CSIS research, which suggested 82 percent of IT decision-makers were concerned about the cybersecurity skills shortage. However, the message emerging from both studies is similar: Senior executives must wake up to the reality of the IT skills shortage to ensure their companies are prepared for these threats.

The ESG and ISSA report came to the following conclusion: “Business, IT, and cybersecurity managers, academics and public policy leaders should take note of today’s cybersecurity career morass and develop and promote more formal cybersecurity guidelines and frameworks that can guide cybersecurity professionals in their career development in the future.”

What Else Can Cybersecurity Professionals Learn?

From the rise of new techniques to fears over national infrastructure, senior business leaders in the private and public sectors must prioritize spending on cybersecurity. Addressing the IT skills, as the research demonstrated, would represent a significant step in the right direction.

More from

Machine Learning Applications in the Cybersecurity Space

3 min read - Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques. Machine learning techniques extract information from vast amounts of data and transform it into valuable business knowledge. While most industries use these techniques, they are especially prominent in the finance, marketing, healthcare, retail and cybersecurity sectors. Machine learning can also address new cyber threats. There…

3 min read

HHS Releases Hospital Cyber Resiliency Landscape Analysis

4 min read - On April 17, 2023, The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of its Hospital Cyber Resiliency Initiative Landscape Analysis. This landmark analysis reports on domestic hospitals’ current state of cybersecurity preparedness. The scope of the HHS study was limited to activities that protect access to patient care and safety and reduce the negative impact of cyber threats on clinical operations. Breaches of sensitive data were considered only if the breach had a direct…

4 min read

BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration

9 min read - This blog was made possible through contributions from Kat Metrick, Kevin Henson, Agnes Ramos-Beauchamp, Thanassis Diogos, Diego Matos Martins and Joseph Spero. BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023 X-Force Threat Intelligence Index, continues to wreak havoc across organizations globally this year. BlackCat (a.k.a. ALPHV) ransomware affiliates' more recent attacks include targeting organizations in the healthcare, government, education, manufacturing and hospitality sectors. Reportedly, several of these incidents resulted…

9 min read

Now Social Engineering Attackers Have AI. Do You? 

4 min read - Everybody in tech is talking about ChatGPT, the AI-based chatbot from Open AI that writes convincing prose and usable code. The trouble is malicious cyber attackers can use generative AI tools like ChatGPT to craft convincing prose and usable code just like everybody else. How does this powerful new category of tools affect the ability of criminals to launch cyberattacks, including social engineering attacks? When Every Social Engineering Attack Uses Perfect English ChatGPT is a public tool based on a…

4 min read