The IT security skills shortage is a serious problem

The IT security skills shortage is a serious problem

A shortage of experienced IT security personnel has been a serious problem for the great majority of organizations for at least the past five years. It is the single most serious barrier to establishing effective defenses against cyberthreats.

Just like last year, the greatest unfilled demand is for security administrators, who have the critical job of installing, configuring, and maintaining security tools and infrastructure Four out of 10 organizations (40 1%) can’t find enough (see Figure 10 – photo above).

One in three organizations can’t find enough IT security analysts, operators, or incident responders (33 2%) The shortfall was slightly less than in the previous survey, when it was 35 0% Almost one-third of organizations are short of IT security architects and engineers (32 4%), essentially the same as a year ago.

Rounding out the roles were application security testers (28 5%), DevSecOps engineers (28 0%), and risk and fraud analysts (24 0%) The deficit of application security testers and DevSecOps engineers worsened from the previous survey, probably the result of a turn toward building security into applications rather than relying entirely on perimeter defenses.

Skills shortage trend

Figure 11 (below) shows the percentage of organizations suffering from a shortfall of skilled IT security personnel in at least one role over the last five years. The trend is clearly upward, although surprisingly, the percentage fell somewhat in this survey, from 87 0% to 84 1%.

However, that lower number is comparable to the percentages in the two previous years, and still represents more than five out of six organizations.

Also, in some countries 90% or more of organizations couldn’t fill jobs in at least one category: South Africa (90%), Colombia (90 9%), China (93 9%), Singapore (94 0%), and Japan (100% !!!)

One explanation for this year’s leveling off is that more organizations are turning to managed security services providers (MSSPs) to outsource one or more security tasks Statistics about the usage of MSSPs are shown on page 46. (See the picture below the last paragraph of the article).

Of the major industries, the highest percentage of organizations with staffing issues were in education (91 1%), healthcare (88 0%), retail (86 7%), finance (86 7%), and telecom and technology (85 4%) Government (81 6%) and manufacturing (78 7%) are in slightly less dire straits (see Figure 12).