Cybersecurity skills shortage puts networked world at risk

The lack of cybersecurity skills creates vulnerability across industry sectors, according to a survey commissioned by the Center for Strategic and International Studies.

The healthcare industry has especially been a target, as evidenced by the number of massive data breaches in 2015 and ransomware incidents earlier this year. The survey, which polled 775 IT security decision-makers across industries in Australia, France, Germany, Israel, Japan, Mexico, the United Kingdom, and the United States, found that:

  • 82 percent reported a shortage of cybersecurity skills
  • 71 percent said that shortage creates direct and measurable damage. The Ponemon Institute estimates the cost of breaches for the healthcare industry to be $6.2 billion, with the average cost to an individual organization at $2.2 million
  • The most hard-to-find skills are intrusion detection, secure software development and attack mitigation, respondents say
  • 76 percent of respondents said their government is not investing enough in building cybersecurity talent and an equal number said cybersecurity regulation is outdated

The report calls for governments to boost these critical skills by pushing for more cybersecurity training programs, promoting hackathons and IT challenges and developing clearly defined roles in cybersecurity that can be used by a number of different industries. It flatly states that educational institutions do not adequately prepare students for entry-level positions in this field.

Employers should put more stock in professional certifications and hands-on experience than degrees when making new hires, and existing workers should be given more opportunities to upgrade their skills, according to the survey. Providing avenues for growth could be a difference-maker for employees deciding whether to change jobs. Workforce diversity is also needed, according to the report, which cites an International Information System Security Certification Consortium or (ISC)² survey of cybersecurity professionals that found only 11 percent were women.

- read the report