Each year, ESG does an annual global survey on the state of IT – the business value of IT, new IT initiatives, areas of concern, etc. This year’s research is based upon a survey of 620 IT and cybersecurity professionals across all industries, with respondents working in North America and Western Europe.
ESG asks respondents to identify areas where they have a “problematic shortage” of skills on an annual basis. Once again in 2018, survey respondents say that cybersecurity represents the biggest area where their organizations have a problematic shortage of cybersecurity skills. The #2 response was IT architecture/planning, and the #3 response was server/virtualization administration.
What’s especially alarming is the steady growth we’ve seen over the years:
Oh, and in each of these years, cybersecurity was consistently the largest problematic skills shortage area.
This data aligns with the results of the 2017 ESG research project with the Information Systems Security Association (ISSA). In the ESG/ISSA study, 70% of cybersecurity professionals claimed that their organization was impacted by the cybersecurity skills shortage, with ramifications like an increasing workload on cybersecurity staff, the need to hire and train junior personnel rather than experienced cybersec pros, and a situation where the cybersecurity team spends most of its time dealing with the emergency Du Jour, leaving little time for training, planning, strategy, etc. (Note: This report is available for free download here.)
Based upon ESG research, other industry research, and lots of discussions with CISOs and cybersecurity professionals, I can only conclude that the cybersecurity skills shortage is getting worse. Given the dangerous threat landscape and a relentless push toward digital transformation, this means that the cybersecurity skills shortage represents an existential threat to developed nations that rely on technology as the backbone of their economy, critical infrastructure, and society at large.
The cybersecurity skills shortage impacts organizations of all sizes, industries, and geographies. This means that CISOs should consider the implications of the skills shortage in every decision they make. Smart CISOs are doing their best to cope with this situation by:
Subscribe to our newsletter for all the latest updates and special offers.
Click Here To view archive additions