Organizations struggle to find skilled staff, leaving 82% of security teams understaffed
83% of security professionals feel more overworked going into 2020 than they were at the beginning of 2019 and 82% said their teams were understaffed, according to Tripwire-Dimensional Research report, titled Cybersecurity Skills Gap 2020. The strain on cybersecurity teams is exacerbated by the inability to find experienced staff, and 85% acknowledged it has become more difficult over the past few years to hire skilled security professionals.
The report examined how organizations are experiencing skills gap issues going into 2020. Dimensional Research conducted the survey, which included responses from 342 IT security professionals, in late December.
“It’s getting harder and harder for organizations to fill open positions on their security teams,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Larger organizations, which you might assume have more resources, are experiencing the skills gap issue even more acutely than smaller organizations. It’s a challenge to hire the right skill sets – they keep changing along with security, which is always evolving. Nearly all of those we surveyed said the skills required to be a great security professional have changed over the past few years.”
In recent years, cybersecurity conferences and online communities have been emphasizing the need to manage work stress and increase focus on mental health. While 93% expressed interest in understanding wellness issues, only 19% of companies provide resources for managing the stress associated with the specific issues of IT security.
Role of CISOs
The survey also explored views on chief information security officer (CISO) involvement. Of the 85% that said they have CISOs in their organizations, 40% said their CISOs are not involved enough in day-to-day operations, while 10% believed their CISOs are already too involved.
Erlin added: “CISOs should be focusing on high-level strategy, but because their teams are understaffed and have an overwhelming volume of work on their desks, they may have to get involved in daily operations, if they haven’t already.”
Overcoming the Skills Gap Issue
The survey results showed that these teams will be looking for some outside help to address the skills gap and strain on their teams. A large majority (85%) said managed services are a good option for addressing the security skills gap, and almost half (46%) are planning to use more managed services in 2020. In fact, 60% said they’ve already invested in managed services, and 85% said that they plan to invest in these services in the future.
As another option, 85% agreed that security teams will need to hire more people without existing security expertise, with 15% indicating that they would be doing exactly that in 2020. Half (50%) said they would be investing heavily in training their existing staff.
Erlin added: “To solve the problems caused by skills gap issues, training and managed services are both good approaches. By partnering with providers, organizations can free themselves from operational work and gain insights that will help inform decisions. And because recruiting and training isn’t always possible, managed services provide businesses a way to augment their teams.”