A study carried out by the Enterprise Strategy Group and the Information Systems Security Association (ISSA) professionals, and reported on https://www.cpomagazine.com/, reveals that cyber security skills continue to deteriorate for the fourth year in a row.
The study has found that the operations of over 70% of organisations are at risk due to the skills gap. The effects of the cyber security skills gap include an increase in workloads, an inability to fill open job postings, and the inability of organisations to use cyber security tools effectively.
The study, which has continued for a decade now, has found no progress in addressing the problem of demand and supply of cyber security professionals within the past four years.
The participants in the study included 327 cyber security professionals and ISSA members from North America (92%), Europe (4%), Asia (3%), and about 1% from Central and South America.
The study revealed that the lack of a well-defined career path for cyber security professionals was to blame for the cyber security skills gap. About 68% of the professionals interviewed did not have a defined career path. Additionally, historical solutions implemented to address the problem only made it worse.
The study also found that the cyber security skills gap could be attributed to the need for hands-on experience for professionals to join the cyber security industry. However, gaining this experience required the workers to have cyber security jobs in the first place.
This requirement barred new cyber security talent from succeeding in the industry. Consequently, when asked what was more important for their career development, 52% of respondents chose hands-on experience while 44% selected both experience and cyber security certification.
Thirty-nine per cent of respondents said it took between three and five years to achieve competency, while 22% said the period was between two and three years. Close to a fifth (18%) of the respondents said it took more than five years.
The majority of the respondents (64%) said their organisations do not invest in cyber security professionals. Over a third (36%) said their organisations should provide ‘a bit more’ cyber security training, while 29% believed their companies should provide ‘significantly more’ training for their cyber security workforce. A further 28% said their organisations were not providing enough training for the non-technical staff.
A vast majority of respondents believed cyber security vendors should do ‘somewhat or a lot more’ (68%), while 71% said the cyber security community should be doing the same. A