Intel Security and the Center for Strategic and International Studies (CSIS) did a survey and found that there is a global cyber-security talent shortage, with governments being blamed by a number of respondents. Intel and CSIS found four major obstacles based on the findings: government policies, education and training, lack of spending, and employer dynamics.
Who’s to blame for the shortage?
Nearly 1,000 global respondents who are working for large organizations and are deeply involved in the cyber-security sector were consulted for the survey entitled Hacking the Skills Shortage. What’s worth noting is that around 80% of the respondents admitted in the survey that there is a shortage of cyber-security skills, of which 71% of respondents said this lack of talent makes particular organizations more vulnerable to direct attacks.
About 25% of the respondents with breached companies disclosed that this crisis results directly in losses of proprietary data. Additionally, the respondents predict that an average of 15% of cyber-security positions at their firm will go vacant by 2020.
James A. Lewis, senior vice president and director of the Strategic Technologies Program at CSIS, said a shortage of people with cyber-security skills leads to direct damage to companies, including the loss of proprietary data and IP.
“This is a global problem; a majority of respondents in all countries surveyed could link their workforce shortage to damage to their organisation.”
Who is to be blamed for such a large skills gap? The respondents gave many reasons. Some blame their own governments for not investing enough in cyber-security talent. A little less than half of the respondents said lack of training or qualification sponsorship is another common reason for the lack of talent.
Intel suggests a few measures to bridge the gap
What can be done to avert the crisis? An increase in cyber-security budgets looks like a good straightforward idea, but the addition of better training and education could also help in filling the gap that saw over half of the respondents agree that cyber-security lags other IT fields. In addition, the report also recommends a diversification of the sector with external training or greater opportunities to mend the gap.
Some other solutions include asking for the level of automation that can be deployed in cyber-security and collecting attack data to develop better metrics to promptly identify threats. This cyber-security automation is being fast-tracked by several cyber-security researchers.
“To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the front line. Finally, we absolutely must diversify our ranks,” said Senior Vice President and General Manager of Intel Security Group Chris Youn.