Cybersecurity skills shortage leads to increased risk of data breaches
In this exclusive guest article, Ekaterina Khrustaleva, COO of application security company ImmuniWeb, looks at the risk of data breaches posed by a cybersecurity skills shortage.
The ever-evolving threat landscape creates new cyber risks for organisations and private businesses that can present a great challenge even for the most professional security teams. An effective cyber security program and skilled cyber workforce can help an organisation combat existing and emerging cyber threats. However, there is a problem – businesses worldwide are continuously facing an increasing shortage of cybersecurity professionals, and hiring and keeping qualified cybersecurity talent remains a top issue.
The cybersecurity skills shortage can lead to inadequate cybersecurity and, as a result, a higher risk of data breaches. In fact, a recent survey showed that a staggering 80% of organizations worldwide have experienced data breaches that have been directly linked to a lack of adequate cybersecurity skills and/or awareness. Globally, 64% of organizations experienced breaches that resulted in lost revenue and/or fines during the past year, and 38% of respondents said breaches cost them more than $1 million.
60% of organizations also admitted they have been struggling to find cyber security talent, and 52% reported difficulties with retaining employees. Meanwhile, seven out of 10 leaders worldwide say hiring women and new graduates is among their top three challenges.
Hackers have formidable technical skills and virtually unlimited resources and are capable of invisibly penetrating large corporate or governmental networks without triggering an alarm.
The real problem, amplified by the pandemic, is technology and cybersecurity students and recent graduates who cannot find a decent job in the industry because of unprecedented lockdowns. They have sufficient technical skills to join cyber gangs and leverage their proficiency for criminal hacking. High income combined with low risk is dizzyingly attractive: the new criminals will face a strong temptation to stay on the dark side even once the pandemic is over.
Employers in most developing countries cannot compete with lavish cyber gangs, who are ready to pay up to tenfold remuneration to young talent. Rapidly growing inequality in our society will likely exacerbate the problem, foster a global cyber skills shortage and elevate cybercrime to unprecedented heights.
Over the past years, the world has seen quite a few sophisticated, destructive cyberattacks like the WannaCry or NotPetya ransomware outbreaks, indicating a dire need for better protection against such incidents. However, there is still a cybersecurity workforce gap of nearly 2.72 million cybersecurity professionals. Although the shortage has been steadily decreasing year over year, a 2021 study revealed that the global cybersecurity workforce needs to grow 65% to effectively protect organizations’ critical assets.
The report also notes that pathways to cybersecurity are changing. While 47% of cybersecurity professionals have an IT background, more than half of professionals got their start outside of IT: 17% transitioned from unrelated career fields, 15% gained access through cybersecurity education and 15% explored cybersecurity concepts on their own.
According to another report, 62% of security teams worldwide are understaffed, and 63% of organizations have unfilled cyber security positions, up 8% from 2021. What’s more, one in five organizations surveyed said it takes more than six months to find qualified cyber security professionals for open vacancies, and 60% of respondents reported difficulties retaining qualified staff.
Among the top reasons why cybersecurity professionals are leaving their jobs are being recruited by other companies (59%), insufficient salary or bonus (48%), limited promotion opportunities (47%), high stress levels (45%), and lack of management support (34%).
Addressing this shortage
The cybersecurity skills shortage can be, in part, remedied by adopting a more inclusive approach to closing a significant gender gap. Despite the decades-long push for more women in cybersecurity roles, they still make up only a little over 20% of the global cybersecurity workforce, with 86% of cybersecurity teams comprised mostly of men.
The problem is that there are not enough female role models in cybersecurity and not enough encouragement to pursue science, technology, engineering and mathematics (STEM) careers. For that reason, many women who are considering a cybersecurity career don’t know how to break into this mostly male-dominated world. Yet, a more diverse talent pool can offer innovative, non-traditional ideas that help understand hacker attacks better and build an efficient defence mechanism against them. In fact, a survey showed that gender-diverse teams make better business decisions 73% of the time.
Furthermore, closing the skills and gender gap by encouraging more women to consider a career in tech would benefit both organizations and global economies. Experts estimate that solving the gender gap would boost the US economy by $30 billion, with a further $12.5 billion added if women earned as much as their male colleagues.
There are still barriers to success for women working in tech, but companies can help women to advance in their careers by providing their teams with ongoing support when they need it. The support should be proactive, not reactive when a person is already demotivated by struggling alone with a complex dilemma. Continuous education is also a vital element for career advancement, so providing the team with internal or external education will pave the way to leadership and success.
A study revealed that 83% of professionals believe that there is an opportunity for women in cybersecurity; however, less than half of female respondents (44%) believe they are sufficiently represented in the industry. This can widen the gender gap by discouraging women from entering the cybersecurity field. In addition, 54% of women say that there is gender bias in the industry that results in unequal pay and support, and limits women’s career options.
According to a recent survey, a fifth of businesses across the US and Europe fell victim to a cyber-attack that rendered them insolvent, a 24% increase compared to 2021. Almost half of respondents (48%) admitted that they suffered a cyber-attack over the past 12 months, and over 87% of businesses worldwide are viewing compromise as a bigger threat to their financial health than an economic downturn and skill shortages.
So, it’s not surprising that organizations are seeking ways to strengthen their cybersecurity to reduce risks and potential financial losses. This may include a robust cybersecurity strategy, regular security risk assessments, and a skilled cybersecurity team able to combat cyber threats.
Due to the skills shortage, businesses can’t always hire security professionals to strengthen their workforce, so it makes sense to invest in security awareness programs that help employees identify threats and respond to them in the most effective manner, keeping themselves and their company safe.