The Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG) revealed trending data finding that the cybersecurity skills shortage is worsening and becoming a rapidly widening business problem.
The majority of survey respondents (70 percent) continue to believe that the cybersecurity skills shortage has had an impact on their organization – yet these same organizations (62 percent, up almost 10 percent from last year) are falling behind in providing an adequate level of training for their cybersecurity professionals.
Further, the report confirms that the cybersecurity skills shortage is exacerbating the number of data breaches: Forty-five percent of organizations experienced at least one security event over the past two years, and 91 percent of survey respondents believe most organizations are vulnerable to a significant cyber-attack or data breach. The cybersecurity skills shortage represents the top two contributing factors to these security events, with the first being a lack of adequate training of non-technical employees (31 percent) and the second being a lack of adequate cybersecurity staff (22 percent). These are followed by business executive management making cybersecurity a low priority (20 percent).