The real cost of IT security talent shortage
200% premium on recovery costs
Large businesses that struggle to attract sufficiently skilled IT security experts end up paying up to three times more to recover from a cybersecurity incident. This is one of the key findings of the recent report by Kaspersky Lab based on 2016 Corporate IT Security Risks survey conducted by the company in cooperation with B2B International among more than 4000 business representatives from 25 countries including the UAE. Besides the measurable budget impact, a significant share of businesses is observing a growth in wages, a general shortage in expert availability, and the need for more specialists in the field.
Citing complexity of IT infrastructure, compliance requirements and the overall desire to protect business assets, companies are highly motivated to grow their security intelligence. In fact, for a third of businesses, the improvement of specialist security expertise is one of the top three drivers for an additional investment in IT Security. The growing demand is not easy to fulfill due to a lack of available specialists and increasingly complex requirements. Kaspersky Lab employs hundreds of security professionals, and the company’s own recruitment managers report that on average, only one applicant out of forty, meets the strict criteria for an expert position.
But the challenge is not limited to technical know-how. The report quotes Kaspersky Lab’s security experts, who indicate that the need for security managers is even more substantial. On top of deep technical knowledge, managers’ duties include communication with top management and overseeing the overall strategy - qualities that are especially important, and in fact, more appropriate, for large companies. The report adds a final touch to the bigger picture of talent shortage with education challenges.
Success in IT security requires a certain degree of passion for this particular IT field, willingness to constantly selfeducate, and the ability to adapt to an ever-changing threat landscape. Higher education institutions recognize the need revise their programs, and at the same time acknowledge the challenge of embedding security-oriented thinking into a wide variety of IT courses. Overall, 68.5% of companies expect an increase in the number of full-time security experts, with 18.9% expecting a significant increase in headcount. Higher education is an important part of fulfilling such a demand, but this is also a call for a change within the security industry itself.