Professionals Across the Globe Agree: Governments Don’t Invest Enough in Cyber


And one in three thinks the cyber shortage makes their organizations more vulnerable to attack.

A global lack of cybersecurity talent could make nations more vulnerable to cyberattack, and governments aren't doing enough to fill that gap, a new report finds.

About 33 percent of respondents to a recent survey — spanning eight nations — said a cyber skills shortage does “direct and measurable damage” to their organizations, according to a joint report compiled by Intel Security and Washington think tank the Center for Strategic and International Studies. The majority, 76 percent, said they didn’t think their governments were doing enough to recruit a better workforce.

The survey tapped hundreds of executives in various countries including the United States, the United Kingdom, France, Germany, Australia, Japan, Mexico and Israel. The scarcest skills overall were “intrusion detection, secure software development, and attack mitigation,” the report found. About 71 percent of respondents said that skills shortage makes them “more desirable hacking targets."

The U.S. cyber shortage appears to be less dire than that of Australia or Mexico. In those countries, almost 90 percent of respondents said there was a skills gap, compared to a little more than 80 percent of U.S. respondents. Only about 70 percent of U.K. respondents reported a shortage. In 2015, the U.S. had about 209,000 unfilled cybersecurity jobs, according to a Stanford University Journalism program’s analysis of Bureau of Labor Statistics data.

A lack of cyber education may be one root cause, the report found. Only 7 percent of the top universities in surveyed countries had an undergraduate degree in cybersecurity, and about a third offered master’s degrees.

Respondents estimated that about 15 percent of open cyber positions would go unfilled by 2020; the ones in Japan and Mexico appeared to be the most concerned about not filling that gap, the report found. Japan, Mexico and France also ranked lowest in opportunities for cybersecurity education.