Skills gap still plagues the IT security industry

The new (ISC)² Global Information Security Workforce Study has been published, and has found that the so-called skills gap is still plaguing IT security.

Indeed, the report (which was spotted by SC Magazine) found that come 2020, there will be a shortfall of no less than 1.5 million security professionals, and that will not help the likelihood of stemming data breaches which are already becoming a more prevalent facet of everyday life.

The lack of skilled cyber-security experts also means that organisations are slower to react to data breaches than they should be, with almost half (44 per cent) saying it takes up to seven days to correct a data breach, and one in five (19 per cent) giving a time period of three weeks.

In total, 62 per cent of respondents said that their company doesn’t have enough IT security pros on its books, which is up from 56 per cent in the 2013 survey. The reason for the shortfall has also changed – the report notes that things aren’t about budget any more, but simply an “insufficient pool of suitable candidates” which enterprises have to pick from.

Organisations, having to deal with increased amounts of cyber-criminal activity, and threats from the inside such as employees falling for phishing scams – not to mention greater security strains from the expanding IoT – will certainly seek to hire more IT security pros in the next year, with a global increase of 195,000 predicted (up 6 per cent over last year).

The report concludes: “Awareness needs to be increased about the advantages and benefits of a career in information security. The awareness needs not only be made to those within the information technology profession, but to potential information technology professionals – those still studying within the many quality academic institutions that prepare tomorrow’s workforce. Only by attracting more to the security profession can the shortage of information security professionals be genuinely addressed.

“Needless to say, a lack of action will aggravate the shortage. With a lack of action, finding qualified personnel will become more challenging and the salaries of information security professionals will continue to rise. Also, a lack of action will result in some security tasks not getting done or being done ineffectively or sub-optimally, resulting in unpalatable vulnerabilities in cyber defences and an inefficiently run security department.”