A recent survey of 147 IT security decision makers and influencers found that only eight percent of respondents believe three-quarters or more of their staff have the specialized skills and training needed to handle complex issues, and fully 57 percent said finding and recruiting talented IT staff is a “significant” or “major” challenge.
The majority of respondents said less than half of their IT security departments have the specialized skills and training to handle complex issues.
The survey, conducted by Osterman Research and sponsored by Trustwave, also found that more than three times as many respondents would rather grow their staff’s skills and expertise than grow the number of people on their name.
Thirty-six percent of respondents said turnover is higher among IT security professionals than in other parts of their organization.
Approximately 40 percent of respondents said their team’s most inadequate skill sets are in emerging and evolving security threats.
“The shortage of staff able to solve complex security issues is an industry problem that continues to worsen, but the way organizations are going about filling this void is all wrong,” Trustwave senior vice president of managed security services Chris Schueler said in a statement.
“Typical recruiting methods are not proving fruitful, yet we keep seeing enterprises simply throwing bodies at the problem when what is really needed is better staff training, more budget support to hire the right personnel, and additional assistance from experienced third-party experts to help amplify the more complicated and demanding areas of security like testing, monitoring and incident response,” Schueler added.
Just 24 percent of respondents said they have complete control over their annual IT security budget. Another 51 percent said they have partial control, and 24 percent said they have little to no control over their IT security budget. Seventy percent of respondents reported disagreements between IT and senior management regarding budget and staffing issues.
“We are in a time where organizations are facing serious shortage of IT security staff members, both in the number available to fill vacant positions and in terms of the specialized skill sets that these individuals need to have,” Osterman Research president Michael Osterman said in a statement. “Failure to source IT capabilities can lead to a range of problems, resulting in data breaches and compliance violations.”
Last fall, a Vanson Bourne survey of 775 IT decision makers worldwide found that 82 percent of respondents admitted to a shortage of cyber security skills, and 71 percent said that skills shortage is directly responsible for measurable damage to their organizations.
The study, commissioned by Intel and CSIS, also found that one in three respondents said a shortage of skills makes their organization a more desirable hacking target.
“The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private security haven’t brought enough urgency to solving the cyber security talent shortage,” Intel Security Group senior vice president and general manager Chris Young said at the time.