Data breaches rising because of lack of cybersecurity acumen

Organizations are feeling the pain of the cybersecurity skills shortage, and the situation is getting worse.

Some 70 percent of 343 information security professionals worldwide say they believe that the cybersecurity skills shortage has had an impact on their organization, according to a new survey conducted by the Information Systems Security Association (ISSA) and the analyst firm Enterprise Strategy Group (ESG).

Most significantly, the skills shortfall appears to be exacerbating the number of data breaches that are occurring. Nearly half (45 percent) of the organizations surveyed experienced at least one security event during the past two years, and 91 of the respondents believe that their organization is vulnerable to a significant cyberattack or data breach.

Oltsik-Jon-CROP.jpg

According to these data security professionals, the skills shortage is one of the two chief factors contributing to these events. The other is a dearth of training for non-technical employees. Worse yet, 62 percent of the respondents indicate that their organization doesn’t provide adequate training for its cybersecurity staff.

Specifically, the respondents pointed to several acute skill shortages, including security analysis and investigations, application security and cloud computing security. Further aggravating the situation, one out of five of those surveyed indicated that cyber security is still a low priority for their executive management.

The implications of the skills shortage are becoming more pervasive and ominous, notes Jon Oltsik, senior principal analyst at ESG and the report’s author. “It is clear that the solution must be about more than filling jobs,” he says. “It is about creating an environment from the top down of cybersecurity as a priority.”

For reprint and licensing requests for this article, click here.