Real-World Fallout From The Cybersecurity Skills Gap

 By Kelly Jackson Higgins

 If the importance of cybersecurity wasn’t personal and up close to you before, maybe the 2016 presidential election and its aftermath will make it so. Or maybe things got real for you if you were one of the millions whose personal information was compromised by security breaches of giants like Target or Yahoo.

For those of us who remember consulting encyclopedias and writing letters to connect to friends, we may personally yearn for simpler times. But if we lead or simply work in business we cannot escape this digital world that gobbles up, stores and spits out massive volumes of data every second, every day.  We, ourselves, collect data for our own businesses – becoming at once user and potential victim.

Considering that, it would seem reasonable that if it’s worth collecting; data is worth protecting. But there’s the rub.  “New data out today (12/15/16) demonstrates just how the 1 million or so unfilled cybersecurity jobs coupled with the struggle to keep existing professionals up-to-date in their skills training are resulting in security breaches,” writes Kelly Jackson Higgins.

Basically, this says there aren’t enough trained cybersecurity experts to go around and security breaches are happening because of the shortage. It’s a problem requiring a resolution that falls squarely on business leadership.

Look at the facts:

  • From a survey of security professionals worldwide by The Information Systems Security Association (ISSA) and analyst firm Enterprise Strategy Group (ESC):
    • “Some 54% of organizations…have suffered at least one security event in the past year, and most attribute the events to a lack of security staff or training.
    • “Among the reasons for these security failures: the cybersecurity team isn’t big enough (31%); insufficient training for non-technical employees (26%); cybersecurity isn’t a high priority for business and executive management (21%).”
  • From Ernst and Young’s E&Y’s Annual Global Information Security Survey:
    • “Some 57% of security pros…had suffered a security incident, and 56% cited lack of resources and lack of executive buy-in for security (32%)…
    • “Close to half say their organization’s biggest weakness security-wise is outdated security systems.”
  • From The ISSA-ESG report, The State of Cyber Security Professional Careers: Part 1, published in October”
    • “It’s a ‘seller’s market’ for cybersecurity professionals: half of cybersecurity pros get solicited weekly about a new job opportunity.
    • “The catch, however, is that most (65%) don’t see a clear career path in the field.”

Let’s think for a moment – not enough people, inadequate training, outdated systems, undefined career paths plus not a strategic priority? Yep, it sure seems like a leadership issue. 

Contact us and we can help you better understand your data needs and your collection / protection priorities.