Just how understaffed are cybersecurity teams?

ISACA survey defines worker shortages


It’s no secret the IT security world is shorthanded. In one of my previous articles, I touched on the services provided by an MSP and why they’re growing in popularity. Once again, it’s because SMBs have a harder time onboarding IT and cybersecurity experts.

A recent 2021 report by ISACA illustrates where we’re lacking in these departments. Organizations find it difficult to hire specialists and keep them, exacerbating the numerous cybersecurity risks encountered in the IT climate. In this report, ISACA surveyed over 2000 tech-reliant companies, meaning they utilized IT resources in minor or major capacity to conduct business operations.

From that survey, quickfire stats show over two-thirds of them could not find or retain cybersecurity and IT professionals. Specifically, 62 percent are “understaffed,” and 63 percent cannot fill cybersec positions. That’s a troubling figure. Even having one trained IT staff member can make a world of difference.

Even when they can find one, the process is arduous. When looking for qualified candidates, those surveyed said it takes up to six months to fill a position. Six months in the cyber world is dangerous indeed when you consider all that happens within even a week.

As an asterisk, it’s important to note these are positions for “qualified” individuals, versus anyone with a general background in cybersecurity. Waterfalling from that, the surveyed companies valued qualified individuals based on credentials (36%), previous hands-on cybersecurity experience (73%), and current training (25%).

Challenges with retention

The difficulties do not end with finding staff. As mentioned, it’s keeping trained experts on board too. Respondents pointed out 60% of their expert hires did not stay with the company long term. Several factors led to this “fallout.”

The highest reported cause for staff loss was experts hired by other companies, totaling 59% of the figure. Other impacts included high stress levels (45%), low salary and lack of incentive bonuses (48%), limited or no support from management (34%), and limited or no opportunities for promotion (47%).

Beyond retention, surveyed companies reported a lack of certain skills and expertise, not just in new hires but in the skills considered necessary for general operations. Security controls (34%) and lack of knowledge of cloud computing (54%) contributed to these figures. Given the prevalence of and increased need for cloud services, especially within remote environments, these are understandably in-demand skillsets.

How are companies working with the problem?

Despite absences and holes in expertise, the need for strong IT infrastructure doesn’t go away. Organizations have to think outside the box to shore up their weak points, or risk malware intrusions and other long-term problems.

Some start by training their staff in good cybersecurity practices, such as recognizing phishing emails and other social-engineering schemes. Outside consultation and third-party support were also a factor, through a managed service provider or otherwise.

An interesting figure was a reduced need for university degrees when candidates are considered for cybersecurity positions, down by 52%. No doubt, this is to assist in their search for staff with relevant experience.

Why it’s important now

The absence of expertise is certainly felt across every enterprise, network, and organization. Holes in expertise mean a network is likelier to experience a short- or long-term cyberattack. Unfortunately, cyberattacks have only increased since 2021 and show no signs of declining. The ISACA survey discovered an increase in cyberattacks, up from 2021. 40 percent of respondents said they are experiencing a higher rate of attack.

Common intrusion attacks were DDoS, social engineering, and ransomware.

If there was any positive news from the survey, a portion of respondents said their budgets covered cybersecurity and IT needs, and had high confidence that their staff could accurately detect, prevent, and fix intrusion events.

In summation, the need for expertise in the IT and cybersecurity realm is always increasing. The continued rise of ransomware intermixed with the “Great Resignation” has created fault lines in firm defenses. Retention is also difficult, encouraging companies to be flexible in their hiring approach and defense strategies.

We’ve known for a while expert shortages are wide and prevalent within the cybersecurity and IT sector. This survey conducted by ISACA, however, confirms the holes left in employment situations.

If you’re concerned about facing similar shortages or already experience a lapse in expert staff, it’s time to consider an MSP. You can learn about the services Bytagig offers by contacting us today.

-Douglas James
