Large businesses are spending up to three times more than they would to recover from cyber attacks. The reason? Not enough qualified IT professionals.
This is a stat from the Kaspersky Lab 2016 Corporate IT Security Risks report. It is one you should keep in mind next time when you are wondering whether you should invest into training your IT staff or not.
The report is using feedback from more than 4000 small, medium and large companies in 25 countries. For a third of the companies, improving the expertise of their IT security specialists is one of the top three drivers for investments in IT security. Overcoming the lack of skills and shortage of talent in cyber security continues to be big issue.
You may already have the talented people you need
Since it’s going to be very difficult to find the top talent, let alone keeping these people for long, you should also invest in building up your current team. Secure additional trainings that boost their skills and confidence.
If your company hasn’t been a victim of a cyber attack so far, that’s great. But don’t think this will always be the case. It is an unanimous opinion that when dealing with cyber attacks the question is not “if”, but “when”. It is a matter of time before your company suffers a cyber attack. The only thing you can do about it is be prepared as best as you can. This starts with having skilled workers in place to be ready to act.
Cyber security is one of the most complex niches in IT. As a result it lacks enough new talent on the scene as oppose to other devs. Isaca research shows that 90% of companies looking to hire cyber security professionals in 2016 said it was difficult to find the right candidates for the jobs on offer. According to Kaspersky Lab’s own recruitment managers, on average only one applicant out of 40 (2.5%) meets the strict criteria for an expert position, ComputerWeekly notes.
The Kaspersky Lab report said 68.5% of companies polled expect an increase in the number of full-time security experts. Another 18.9% expecting a significant increase in headcount. Even so, many companies are still not paying much attention to cyber security until it is too late and they discover they are a victim.
A whole world of options
What does this mean for the cyber security specialists or the people who are thinking about a career in the field? On the whole it means you should have a lot of opportunities for great jobs and for quite a while. Sadly, not everyone will be spoiled for choice. You will have to build up on skills and become well versed in cyber security to attract the best offers.
If you already have a good job, but you feel your employer is lacking enough focus on IT security, now it is a good time to talk to the management about it. Show them the report, too, if they are not convinced.
52% of businesses agree that their security will be compromised at some point, and they have to be prepared for such events. So far businesses tend to concentrate on prevention technologies and pay less attention to threat detection and response, Kaspersky notes.
The problem of talent shortage like any other cybersecurity problem will be eventually solved. By that time, we will be dealing with much more complicated problems in this field. If you want to be successful in this business you should be prepared to deal with something new. Things that automated systems can’t tackle, Kaspersky says.