Milford, MA and Vienna, VA, May 09, 2019 (GLOBE NEWSWIRE) -- The cybersecurity skills shortage is worsening for the third year in a row and has impacted nearly three quarters (74 percent) of organizations, as revealed today in the third annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG).
Further the report confirms that the cybersecurity skills shortage continues to be the root cause of rising security incidents, as organizations remain plagued by a lack of end-user cybersecurity awareness and the inability to keep up with the growing cybersecurity workload. Almost half (48 percent) of respondents have experienced at least one security incident over the past two years with serious ramifications including lost productivity, significant resources for remediation, disruption of business processes and systems, and breaches of confidential data.
In fact, cybersecurity professionals are downright skeptical about their chances for success. Ninety-one (91) percent believe that most organizations are vulnerable to a significant cyber-attack. And an overwhelming 94 percent believe that the balance of power is with cyber-adversaries over cyber-defenders. With the battlefield advantage skewed, organizations face increasing and potentially devastating cyber-risks.
Despite these findings, for the third straight year, sixty-three (63) percent of organizations continue to fall behind in providing an adequate level of training for their cybersecurity professionals. The most acute skills shortages shifted this year to cloud security (33 percent), followed by application security (32 percent) and security analysis & investigations (30 percent).
In an era where business leaders are more reliant on technology for success and are facing more scrutiny and accountability than ever before, this lack of progress and the resulting cyber-risk for organizations and their shareholders, customers and business partners should be a cause for concern for business and technology leaders alike.
The research also indicates an alarming personal impact related to cybersecurity jobs. While cybersecurity professionals remain dedicated to their craft, attracted by the deep technical challenges and moral implications, this year’s study explores for the first time the causes and consequences of stress and burnout, including:
“Based upon the results of this year’s and past research projects, it is safe to conclude that cybersecurity progress has been marginal at best over the last three years. ESG and ISSA agree with security researcher, author and ISSA Hall of Fame recipient Bruce Schneier’s quote, ‘We may be making some cybersecurity improvements but we are getting worse faster.’ This issue should be of concern to technologists, business executives and private citizens and continues to cause an existential threat to national security,” said Jon Oltsik, Senior Principal Analyst and Fellow at the Enterprise Strategy Group (ESG) and the author of the report.
“Organizations are looking at the cybersecurity skills crisis in the wrong way: it is a business, not a technical, issue. Business executives need to acknowledge that they have a key role to play in addressing this problem by investing in their people. In an environment of a ‘sellers market’ with 77 percent of cybersecurity professionals solicited at least once per month, the research shows in order to retain and grow cybersecurity professionals at all levels, business leaders need to get involved by building a culture of support for security and value the function,” said Candy Alexander, CISSP CISM, Executive Cybersecurity Consultant and ISSA International President.
Top 5 Roles in Addressing the Cybersecurity Skills Crisis
Finally, the private sector can only do so much. The public sector needs to help by investing more in training and education, public awareness, and scholarships and grants.
Download the report: https://www.issa.org/page/issa-esg-global-3rd-annual-cybersecurity-skills-survey or https://www.esg-global.com/esg-issa-research-report
Methodology
With a total survey sample of 267 cybersecurity professionals and ISSA members, representing organizations of all sizes and industry sectors and professionals located in all parts of the world, “The Life and Times of Cybersecurity Professionals, 2018: Third Annual Survey Results” is a cooperative research project by ESG and ISSA. This authoritative annual study is the only in-depth look at cybersecurity professional careers, lives and opinions about their organizations’ cybersecurity practices and well as the overall state of cybersecurity.
About Enterprise Strategy Group
The Enterprise Strategy Group (ESG) is an IT analyst, research, validation, and strategy firm that provides actionable insight and intelligence to the global IT community. Recognized for its unique blend of capabilities—including market research, hands-on technical product testing, economic validation, and strategy consulting services—ESG is relied upon by IT professionals, technology vendors, investors, and the media to clarify the complex.
About the ISSA
The Information Systems Security Association (ISSA)™ is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk, and protecting critical information and infrastructure. ISSA members and award winners include many of the industry’s notable luminaries and represent a broad range of industries - from communications, education, healthcare, manufacturing, financial and consulting to IT - as well as federal, state and local government departments and agencies. Through regional chapter meetings, conferences, networking events and content, members tap into a wealth of shared knowledge and expertise. Visit ISSA on the web at www.issa.org and follow us on Twitter at @ISSAINTL.
Attachments