Cybersecurity Staffing Shortages Create Economic Ripple Effect

Study finds workforce gaps are leading to more frequent and more costly data breaches.

The expansion of new methods of working -- like bring your own device, cloud computing and social media -- is changing the ways federal agencies and other organizations do business.

At the same time, security surrounding these emerging technologies is a major concern, a problem that is compounded by a significant shortage of information security professionals. The workforce shortage is negatively impacting organizations and their customers, leading to more frequent and costly data breaches, according to new research.  

The new Global Information Security Workforce Study, released Monday by (ISC)2, Booz Allen Hamilton and Frost and Sullivan, found that more than 56 percent of cybersecurity professionals feel their security organizations are short-staffed. Executives lack a complete understanding on the need for security and are not able to locate enough qualified security professionals, leading to more frequent and costly data breaches. This is having a profound impact on the economy, the research found.

“Now, more than ever before, we’re seeing an economic ripple effect occurring across the globe as a result of the dire shortage of qualified information security professionals we’ve been experiencing in recent years,” said Hord Tipton, executive director of (ISC)2.  

The survey of more than 12,000 information security professionals worldwide also found that hactivism (43 percent), cyber-terrorism (44 percent) and hacking (56 percent) were among the top concerns identified. Security concerns also are high for new mobility initiatives like BYOD and cloud computing. Concerns with social media are significantly lower than in 2011, in part thanks to security technologies and policy changes, the study found.

The study also concluded that the information security field is stable and growing, with a projected 11 percent growth annually over the next five years. In addition, more than 80 percent of cyber professionals had no change in employer or employment in the past year, and 58 percent of respondents reported receiving a raise last year.

When looking for a job, information security professionals touted the benefits of having knowledge and certification in their job search. Nearly 70 percent said they view certification as a reliable indicator of competency when hiring, and nearly half (46 percent) of organizations require certification. Sixty percent of those surveyed said they plan to obtain a certification in the next 12 months, with the CISSP certification being the most in-demand.

“Given the severity of cyber espionage, hactivism and nation-state threats, the time is now for the public and private sectors to join forces to close this critical gap,” Tipton said. “We must focus on building a skilled and qualified security workforce that is equipped to handle today’s and tomorrow’s most sophisticated cyber threats." 

The U.S. government-specific results of the study will be featured in a separate report to be released in late March, (ISC)2 said.