Cisco Subnet An independent Cisco community View more

Information Security Skills Shortage Continues

Large enterprises feel the pain most acutely

Like other analyst firms, ESG conducts research on IT Spending Intentions annually. One of the things we track is IT hiring plans in all areas including IT security. In 2011: • 35% of all mid-market and enterprise organizations planned on hiring security staff • 22% believed they had a “problematic shortage” of security skills at their organizations The situation has not improved at all over the past year. In 2012: • 39% of mid-market and enterprise organizations plan on hiring security staff • 23% believe they have a “problematic shortage” of security skills in their organization I dug into the 23% who believe they have a “problematic shortage” of security skills. Interestingly, large enterprises that tend to pay the most for IT skills in general are most likely to have these security skills deficits. For example: • 18% of mid-market organizations (i.e. less than 1,000 employees) organizations say they have a problematic shortage of information security skills as compared to 26% of enterprise organizations (i.e. more than 1,000 employees). I also looked at the data by the size of overall IT budget. In this analysis: • 16% of organizations with IT budgets of less than $5 million say they have a problematic shortage of information security skills • 21% of organizations with IT budgets of more than $5 million/less than $50 million say they have a problematic shortage of information security skills • 36% of organizations with IT budgets of more than $50 million say they have a problematic shortage of information security skills ESG is not the only organization to recognize the security skills shortage. The Center for Strategic and International Studies (CSIS) published similar research about the security skills gap in the Federal sector. As I recall, CSIS said that the Feds have about 1,000 highly skilled cybersecurity professionals proficient in security analysis, forensics, and incident response. Unfortunately, it has the immediate need for at least 10,000. This skills gap impacts us as a society – all of our on-line data is at risk. We need more cybersecurity training, programs, and funding as soon as possible. The longer we wait, the greater the risk.

Join the discussion
Be the first to comment on this article. Our Commenting Policies