Information Security (InfoSec) is a war. That may sound dramatic, but it is nevertheless true. The barrage of data breaches, hacking innovations, and financial disruption from cybercrime feels like a literal barrage both by the sheer volume of attacks and the damage they inflict. As hackers become more organized and more corporate in their business approach, those attacks are only going to increase in volume and severity.
But as we gear up for another round of clashes in 2018, we need to remember that none of our cybersecurity solutions and protocols would be possible without the InfoSec professionals who deploy and monitor solutions and their effectiveness. But even a rudimentary glance at our professionals indicates that we are in dire straights in the numbers and morale of our InfoSec professionals.
The truth is that cybersecurity jobs throughout the country are perilously understaffed or unstaffed, and it is leaving InfoSec professionals overwhelmed and frustrated. Without a massive change in staffing and training soon, we could be facing a major deficit in our battles against the legions of hackers who mean us harm.
We’ve gathered a number of statistics from recent leading research and surveys that demonstrate the extent of the staffing issue we’re facing as an industry, and where current trends might be leading if the issue is not fully addressed.
First, while the exact number of unfilled jobs is unknown, experts do agree on a general range:
1 Million—the estimate number of currently unfilled cybersecurity jobs, according to Cisco.
1.5 Million to 2 Million—the estimate number of unfilled cybersecurity jobs in 2019, according to Symantec and the ISACA.
40,000—the number of cybersecurity jobs that go unfilled each year.
200,000—the number of other cybersecurity-related positions left unfilled.
30,000—the number of employees with specific security skills needed in the U.S., according to a 2010 interview with a government expert.
1,000—the number of above stated employees in existence.
45% of corporations do not have a cybersecurity leader. Only 35% of organizations have an established role for cybersecurity at all.
Those numbers are disturbing, especially when analysts predict the annual cost of cybercrime will rise from $3 trillion today to $6 trillion in 2021. These employment gaps are already costing InfoSec professionals:
63% of cybersecurity professionals say that the shortage creates a larger workload for their existing staff.
41% had to hire junior staff to fill positions, due to the lack of experienced staff.
93% of security operations center managers are unable to triage all potential threats or even investigate 25% of security alerts.
67% say the demand of their jobs prevents them from receiving proper continuous training.
38% say their organizations or enterprises provide the right amount of InfoSec training.
27% believe their enterprise should provide far more training.
At the root of this problem might be a lack of investment in necessary talent, according to 76% of professionals. 90% of those professionals say that technology might prove the way to help bridge the gaps.
A gender gap persists in cybersecurity staffing as well, which are certainly a contribution to this issue. Only 11% of the world’s InfoSec positions are held by women, and men hold 87% of the chief information security officer roles in Fortune 500 companies.
The above statistics will foster important considerations for enterprises and small-to-medium sized businesses considering an Endpoint Security, SIEM, or Identity Management solution. Do you have the cybersecurity staff to properly deploy a solution? Will your staff be able to utilize your selected solution to its fullest potential? Will a managed service help your staff stay on top of projects more efficiently? And will your organization be able to properly fill in cybersecurity jobs and training?
Considering to the answers to those questions will help you decide which will be the best solutions for your needs. And a decision needs to be reached soon.
Latest posts by Ben Canner (see all)
- Cyber Resilience: How to Respond to a Data Breach - April 22, 2019
- Endpoint Protection Capabilities You Need for the Cloud - April 18, 2019
- Endpoint Monitoring, EDR, and Endpoint Security: What Do You Need? - April 17, 2019