Lack of cybersecurity training reason for widening skill gap
The shortage of skills in cybersecurity caused by a lack of cybersecurity training is impacting 70% of organisations and this decline is now in its fourth consecutive year.
The fourth annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG) reveals that this shortage has worsened over the past few years.
The shortage in this skill area is impacting a majority of organisations in various ways. The most common ramifications include uneven workload for employees and unfilled positions.
The impacts of this shortage are far-reaching: the inability of organisations to apply cybersecurity technologies to their full potential put them at significant risk to the threat of cybercrime.
While the issue of skill gaps in the cybersecurity sector is not new and has been around for the past 10 years, this study indicates that there has been no significant progress towards finding a solution.
There is a strong need to identify the root cause of the shortage of cybersecurity skills. The report suggests that there is a need for a holistic approach to continuous cybersecurity education, where each stakeholder needs to play a role instead of operating in silos.
YOU MIGHT LIKE
Organisations should enable cybersecurity training for employees
The report states that 36% of respondents reported that their organisations should provide slightly more opportunities for cybersecurity training while 29% of respondents believe their organisations should provide significantly higher more opportunities for cybersecurity training.
28% of organisations believe they are not providing enough training for non-technical employees.
While the main reason for the shortage of skills in cybersecurity can be attributed to a lack of training opportunities, CISOs and business executives have a large part to play in forming the solution.
While 55% of respondents believe there is adequate CISO participation with executives and corporate boards in 2020, 24% believe that CISOs and business executives could do more to bridge this gap.
It is important for organisations to provide their cybersecurity professionals with continuous career guidance. The other more important aspect that organisations need to pay attention to is that a career in cybersecurity greatly depends on hands-on experience.
According to the report, “When asked which was most important for their career development: hands-on experience or security certifications, 52% of respondents chose hands-on experience. Still, 44% claim that hands-on experience and certifications are equally important.”
However, 68% of cybersecurity professionals surveyed don’t have a well-defined career path due to the lack of career guidance, reflecting a lack of knowledge in career progression in this field.
Ultimately, a combination of the right job, the right experience, and the right career plan is important to determine the success of cybersecurity professionals in this field.
Another factor that causes this skill gap is the ability of professionals to keep up with cybersecurity challenges and the data indicates that technology and service vendors should play a bigger part in upskilling.
Board President, ISSA International, Candy Alexander said, “The cybersecurity gap cannot be addressed by simply filling the pipeline with new people. What’s needed is a holistic approach, starting with public education, comprehensive career development and planning, and career mapping – all with the support and integration with the business.”
Alexander added that the same issues present themselves year after year, including a shortage of skills, under-trained employees, and the stress and strain caused by a career in the cybersecurity field.
There is a need for corporate directors and business executives to work towards a solution that can close the skills gap in this field.