Threat actors are becoming more skilled and attacks are growing more sophisticated, and the cybersecurity workforce can’t keep pace, according to a new study from the Information Systems Security Association.
The study, conducted by ISSA and analyst firm Enterprise Strategy Group, found that organizations largely are not investing enough in their cybersecurity workforce despite the dire need to do so, and the talent shortage is the main reason.
According to the report, The Life and Times of Cybersecurity Professionals 2021, 57% of organizations surveyed said the cybersecurity skills crisis has affected them, and the impacts are causing some serious issues among IT teams.
An increasing workload (62%), unfilled positions (38%) and burnout (38%) are among the top ramifications of the cybersecurity skills gap cited in the report.
Nearly every respondent (95%) said the skills shortage and its impacts have not improved over the last few years, and 44% said it is only getting worse.
When asked which areas of security need attention, respondents cited cloud computing, application security, and security analysis and investigations as the top three areas of need.
Addressing an issue this critical means organizations must invest in their people, which means offering fair and competitive compensation. However, when security professionals were asked about the issues contributing to the skills shortage, not offering competitive compensation was the top factor.
The report also found that cybersecurity professionals aren’t getting enough on-the-job training, as 39% said addressing a lack of training is the main avenue organizations can take to address the skills shortage. However, 48% of respondents said they don’t get enough support for training from their employer. Another 82% said job requirements get in the way of training.
ISSA’s report indicates that IT and security teams need to improve their relationship with HR, management, executives and legal teams to get the entire organization to focus on cybersecurity.
In a statement, ISSA International Board President Candy Alexander said that a lack of understanding between IT and the business side of organizations is exacerbating the skills gap.
“Both sides need to re-evaluate the cybersecurity efforts to align with the organization’s business goals to provide the value that a strong cybersecurity program brings towards achieving the goals of keeping the business running,” Alexander said. “Cybersecurity leaders should be able to link the security efforts directly to strategic business goals.”