A recent Tripwire survey of 315 IT security professionals at companies with more than 100 employees found that 100 percent of respondents believe soft skills are important when hiring for their security teams, and 72 percent said the need for those skills has increased over the past two years.
The three most important soft skills cited by respondents are analytical thinking (65 percent), good communication (60 percent), and troubleshooting (59 percent). Two skills were tied in fourth place, cited by 58 percent of respondents: ability to work under pressure, and strong integrity and ethical behavior.
“The cyber security industry should not overlook the soft skills that are needed to build a strong security program,” Tripwire vice president of product management and strategy Tim Erlin said in a statement. “The reality is that today’s security pros need to go beyond technical expertise.”
“Security practitioners need to be good communicators who can connect cyber security issues to business priorities, rally the rest of the organization to get involved, solve tough problems and handle sensitive issues with integrity,” Erlin added.
Twenty-one percent of respondents said soft skills are actually more important than technical skills when hiring staff, and 17 percent expect to hire people without security-specific expertise over the next two years.
Ninety-eight percent of respondents said non-security functions need to be more involved in cyber security going forward. Of those, 74 percent said IT operations need to be more involved in security, followed by risk management (60 percent), compliance (53 percent), legal (45 percent) and human resources (32 percent).
“With security-related regulations like GDPR on the rise, it’s unsurprising that respondents expect their legal and compliance teams to get involved in cyber security,” Erlin said. “It’s become increasingly apparent that security is a shared responsibility, even for those without any technical cyber security experience.”
“Employees from other functions can partner with their security teams to help them look at issues from different perspectives, help further the broader organization’s understanding of cyber security, and help enforce best security practices across the organization,” Erlin added.
Investing in Security
A separate Fujitsu survey of 1,625 global business leaders found that 90 percent of respondents are taking steps to increase their digital expertise, and 70 percent admit there’s a clear lack of digital skills within their organization.
Eighty percent of respondents say a lack of skills is getting in the way of their company’s ability to address cyber security issues.
Fifty-one percent of respondents say cyber security is likely to be very important to the financial success of their organization, and 52 percent are planning to invest in cyber security technologies within the next 12 months.
“The introduction of new technology into a business has always called for balance,” Fujitsu CEO, SEVP and head of Americas and EMEIA Duncan Tait said in a statement. “However, as the pace of technological change continues to gather, balance has never been more important. It is no longer enough just to have the best applications and devices; without talented and capable people to use them, they are meaningless.”