Skip to main content

Cybersecurity skills gap worsens for fourth consecutive year

(Image credit: Image Credit: Wright Studio / Shutterstock)

The cybersecurity skills gap has worsened for a fourth year running, according to a new report from the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG).

The report states that the skills shortage affects 70 percent of all organizations, resulting in an increased workload for security staff, unfilled open job openings and an inability to utilize security technologies to the fullest extent.

Alarmingly, the issue shows no signs of abating, with 45 percent of respondents claiming the skills gap and associated ramifications have only deepened in recent years.

“As this and past reports clearly indicate, key constituents are not looking at the profession strategically. While we are making some fragmented progress, the same issues present themselves year after year,” said Jon Oltsik, Senior Principal Analyst and ESG Fellow.

Part of the issue, according to the report, is that cybersecurity professionals are lacking the career guidance they need to succeed in the field. Most (68%) of the security staff surveyed said they do not have a well-defined career path, while others claimed the lack of apprenticeship-style opportunities serves to limit recruitment options.

Respondents also suggested businesses are failing to account for the time it takes to train new security staff. Four in ten said it takes anywhere from three to five years to develop true cybersecurity proficiency, while 18 percent said this process is even more drawn out, suggesting entry level staff should not be viewed as an immediate fix.

The cybersecurity professionals surveys also called on businesses to deliver sufficient training regimes for non-technical staff, which has been cited as a shortcoming in all three previous studies conducted by ISS.

“The cybersecurity gap cannot be addressed by simply filling the pipeline with new people,” explained Candy Alexander, Board President at ISSA International.

“What’s needed is a holistic approach, starting with public education, comprehensive career development and planning, and career mapping - all with the support and integration with the business.”