The fourth annual Life and Times of Cybersecurity Professionals report from ESG and the Information Systems Security Association (ISSA) is out and available for free download here. The report is chock full of great data. Here are some highlights that point to lingering challenges that dedicated cybersecurity professionals face:
- The cybersecurity skills shortage is getting worse. I focused on this in my last blog post. Seventy percent of organizations say they have been impacted by the cybersecurity skills shortage and 45% of survey respondents say that things have gotten worse over the past few years. Furthermore, 58% of cybersecurity professionals say their organization should be doing somewhat or significantly more to address the cybersecurity skills shortage. What can be done? Better hiring practices, more realistic job requirements, improved training — lots of stuff.
- Cybersecurity awareness training remains inadequate. Despite the business impact of cybersecurity AND the skills shortage, most survey respondents don’t believe their organization provides the right level of cybersecurity training. Thirty-six percent of respondents reported that they thought that their organizations should provide a bit more cybersecurity training, while 29% believe their organizations should provide significantly more training. Cybersecurity professionals should make sure that business managers are aware of this problem and understand the ramifications. Without better and more frequent training, all the cybersecurity technology in the world won’t really matter.