Many organizations are understaffed, many lack some (or many) types of advanced cybersecurity skills, and the staff is too busy to invest time in continuing education to keep up with the latest threats:
• According to ESG research from early 2017, 45 percent of organizations claim to have a problematic shortage of cybersecurity skills.
• In a recent research project conducted by ESG and the Information Systems Security Association (ISSA), 70 percent of cybersecurity professionals say the cybersecurity skills shortage has had an impact on their organization. The skills shortage has led to an increasing workload on existing staff, the need to hire and train junior employees due to the lack of experienced talent, and a situation where the cybersecurity staff spends most of its time on emergency issues and very little time on proactive strategic planning or training.
• When asked to identify factors that contributed to past security incidents, 22 percent said their cybersecurity team was not large enough for the size of their organization, while 18 percent stated that the cybersecurity team cannot keep up with the workload.
• More than two-thirds (67 percent) of cybersecurity professionals claim they are too busy with their jobs to keep up with skills development and training.