According to the results of a recent survey [PDF] of 775 IT decision makers worldwide, 82 percent of respondents admitted to a shortage of cyber security skills, and 71 percent said that shortage is responsible for direct and measurable damage.
The study, commissioned by Intel in partnership with the Center for Strategic and International Studies (CSIS) and conducted by Vanson Bourne, also found that one in three respondents said a shortage of skills makes their organizations more desirable hacking targets.
One in four respondents said a lack of sufficient cyber security staff strength has damaged their organization’s reputation and led directly to the loss of proprietary data through cyber attacks.
Seventy-six percent of respondents said their government is not investing enough in developing cyber security talent, and the same percentage said the laws and regulations for cyber security in their country are insufficient.
Still, 97 percent of respondents said their organization’s board of directors now views cyber security as important.
“The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector haven’t brought enough urgency to solving the cyber security talent shortage,” Intel Security Group senior vice president and general manager Chris Young said in a statement.
“To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the front line,” Young added. “Finally, we absolutely must diversify our ranks.”
Three in four respondents said hands-on experience and professional certifications are more important than a bachelor’s degree in a relevant technical subject, and 68 percent said hacking competitions play a role in developing cyber security skills within their organizations.
Nine out of 10 respondents said cyber security technology could help compensate for skill shortages, and 55 percent believe that, within five years, cyber security solutions will be able to meet the majority of their organization’s needs. The solutions most likely to be outsourced are those that lend themselves to automation and include threat detection, such as network monitoring and access management.
Sixty-three percent of respondents work at organizations that outsource at least some cyber security work.
According to a separate Ponemon Institute survey of 1,784 information security leaders in 19 countries, commissioned by Raytheon, 80 percent of respondents said working with a managed security services (MSS) provider is important to overall IT security.
Still, two thirds of respondents that don’t use MSS said their organizations aren’t likely to do so until they experience a significant data loss from an IT security breach.
“Cyber security is not a waiting game, and organizations without the expertise and tools required to identify and respond to skilled adversaries need to understand that,” Jack Harrington, vice president of cyber security and special missions at Raytheon Intelligence, Information and Services, said in a statement.
A recent eSecurity Planet article offered six tips for CISOs selling security to the board.