Mitigating cyber risk continues to challenge organizations and their risk leaders, as threat actors become more sophisticated and varying in their threats, tools, targets and locations.
In fact, three in five companies1 aren’t ready to fully navigate exposures associated with digital threats. This exposure concern, is due in part to a talent recruitment issue that has been impacting cyber security for more than a decade:
- 60 percent of organizations report that they struggle to recruit cyber security talent
- More than half of business leaders surveyed say they struggle to keep cyber security talent.2
Cyber talent constraints are a familiar problem for companies. There are simply not enough cyber security professionals in the workforce able to combat the threats and keep pace with an increasingly sophisticated group of threat actors. There currently is a shortage of more than 2.7 million cyber professionals3 globally, more than a quarter of which are in the U.S., according to the World Economic Forum.
How can companies successfully defend themselves against these myriad threats while maintaining a motivated and engaged workforce?
The Scope of the Issue
Cyber security remains an enormous challenge, and the current shortage of professionals to combat the threat is having a detrimental effect. More than 80 percent of companies have experienced a breach attributable to a lack of cyber security skills or overall employee cyber awareness.
A hole in cyber security personnel can potentially lead to catastrophic results. About two-thirds of companies say that the lack of cyber security professionals places them at greater risk of a breach.4 This lack of talent leaves many companies vulnerable to a potentially costly breach, especially companies known to maintain sensitive data. Nearly four in 10 companies reported experiencing a breach that cost them more than $1 million.5 Add to that the cost of damage to the company’s reputation, and it’s easy to understand why the cyber security gap is of such importance.
Is it a Talent Gap or a Skills Gap?
There’s a talent gap in cyber security, however, there’s also a lack of skills currently hampering organizations. In fact, 59 percent of businesses reported they would find it challenging to respond to a cyber incident due to shortage of skills on their team.6 Cyber security has always been a race between the threat actors and those trying to prevent attacks. As attackers refine their methods and find new ways to exploit vulnerable systems, cyber security professionals continue to stay up to date to effectively combat the threat. Companies prefer to employ credentialed professionals with specialized certifications. That training is expensive and extensive, some with difficult certification exams.
In reality, the current issue is both a talent gap and a skills gap. There needs to be more cyber security professionals, and they need more skills. How can companies keep up?