A survey conducted by (ISC) 2 shows there would be a need to double the number of cyber security specialists in the world to meet companies’ demands. The study also sheds light on the strategies to be followed to compensate for the understaffing of IT security teams.
The new study reveals the importance of the shortage of cybersecurity specialists. According to (ISC) 2, the certifying body for IT security professionals, there are currently 2.8 million cyber security professionals worldwide. Insufficiency to meet the demand requires increasing this number by 145%. There are currently 4 million specialists in the field missing. The study is based on an online survey of 3,237 security / cybersecurity officers in North America, Latin America and Asia-Pacific. In Europe, where the shortage is estimated at about 290,000 specialists, it was almost doubled in 2018.
Within nearly two-thirds of the companies that took part in the study, the security teams are under- effective. This lack of staff is their main concern, rather than lack of resources or budget. It is a context that is not without consequences since half of the officials questioned say that their organization is exposed to a moderate or extreme risk because of this shortage.
Specialists who want to evolve
The (ISC) 2 report also provides ideas and concrete strategies for setting up and developing strong cyber security teams. "Knowing where we are and what delta needs to be filled is an important step toward overcoming our industry's recruitment challenges," says Wesley Simpson, COO's Chief Operating Officer of the certification body. It particularly appears that less than half of cybersecurity specialists have started their careers in the field. A majority is no longer changing especially because of high demand, job security and the challenging nature of the job.
Although most IT security professionals have a more or less clear idea of how their career will evolve. They believe that there may be different obstacles in their path, mainly due to the cost of certifications. "By supporting these costs, organizations can help to meet and grow their cyber security professionals, increasing the chances that they will stay," the study authors note.
Focus on training and internal promotion
How are IT security departments planning to fill the gap? More than two out of three companies give priority to training and internal promotion. Nearly half intend to increase their safety training budget in the coming year. It is also about recruiting outside the company, mainly on the side of new graduates and retraining professionals. Companies also turn to consultants or professionals employed by security and hardware service providers.