“The cybersecurity workforce shortfall remains a critical vulnerability for companies and nations”: that’s the conclusion of a new report focused on bridging the digital skills gap. And the problem is especially acute in the UK where the IT industry is the least satisfied among its international peers that the country’s education system is supporting the cyber security profession.
The Intel Security Hacking the Talent Shortage survey was put together by the IT in conjunction with Center for Strategic and International Studies (CSIS), and focuses on what can be done to address the growing skills gap. It’s a gap that is particular concern to UK employers, where only 14% of IT decision-makers believe the nation’s education system fully prepares professionals for the cyber security industry.
The global survey also revealed several worrying trends:
- 82% of respondents report a shortage of cybersecurity skills
- 71% of respondents report the shortage in cybersecurity skills does direct and measurable damage
- 9 out of 10 respondents said that cybersecurity technology could help compensate for skill shortages
- 3 out of 4 respondents said their government is not investing enough in building cybersecurity talent
As a result of the persistent skills shortage, 32% of companies say they are unable to maintain an adequate staff of cyber security experts, with 22% saying they fear being targeted by attackers because they know the company’s cyber security is not strong enough, with a further 22% concerned about the firm’s reputation in the event of a hack.
‘Degrees not necessarily the answer’
How well a country’s education system provides the right skilled people is also discussed, and the authors point out that degree level qualifications are not necessarily the answer. “Despite our respondents’ typical insistence on a bachelor’s degree as a baseline credential for cybersecurity work, only 23% of respondents say education programs are preparing students to enter the industry. A bachelor’s degree in a technical field is ranked third by survey respondents among most effective ways to acquire cybersecurity skills, behind hands-on experience and professional certifications.
“This contradiction indicates that a degree is more of a signal of general competence than an indicator of directly relevant cybersecurity skills. In the UK and Japan in particular, respondents are more likely to downgrade the value of traditional education programs for attaining cybersecurity skills. More than three-fourths of survey respondents cited professional certifications as an effective way to demonstrate skills, with respondents in the UK, Australia, Mexico, and Israel finding these credentials most useful.”
Supporting this finding, a large number of respondents believe that hands-on and practical training deliver more effectively than traditional education resources.
‘Government must do more’
“The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector have not brought enough urgency to solving the cyber security talent shortage,” said Chris Young, senior vice-president and general manager of the Intel Security Group.
“To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and deliver deeper automation so talent is put to its best use on the front line. Finally, we absolutely must diversify our ranks.”
“A shortage of people with cyber security skills results in direct damage to companies, including the loss of proprietary data and IP,” said James Lewis, senior vice-president and director of the strategic technologies program at CSIS.
“This is a global problem; a majority of respondents in all countries surveyed could link their workforce shortage to damage to their organisation.”