- In the United States, the cybersecurity workforce gap is nearly 500,000.
- The cybersecurity workforce needs to grow by 62% in order to meet the demands of U.S. businesses today.
- The global cybersecurity workforce gap is estimated at 4.07 million, so the global workforce needs to grow by an estimated 145%.
Cybersecurity Teams Under PressureSpoiler alert: our survey revealed that cybersecurity teams are feeling the pressure heavily going into 2020. According to Tripwire’s study, 83% of security experts feel more overworked going into 2020 than they did at the beginning of 2019. That’s easy to understand considering that 82% said their teams were understaffed. And it’s not for a lack of trying; it’s harder to find experienced staff with the right expertise. A large majority (85%) also said that it’s become more difficult over the past few years to hire skilled security professionals.
It's getting harder and harder for organizations to fill open positions on their security teams. Larger organizations, which you might assume have more resources, are experiencing the skills gap issue even more acutely than smaller organizations. It's a challenge to hire the right skill sets – they keep changing along with security, which is always evolving. Nearly all of those we surveyed said the skills required to be a great security professional have changed over the past few years.
Dealing with stress as a cybersecurity practitionerThe responses indicating that security professionals feel overworked and understaffed is interesting to note when considering that more and more sessions on managing work stress and mental health have popped up on the agendas of cybersecurity conferences. In our survey, 93% expressed at least some interest in understanding wellness issues for the cybersecurity industry. Even so, only 19% said their companies provide resources for managing the stress associated with the specific issues of IT security. An additional 59% of organizations said they had work and stress resources in place but that they didn’t pertain to IT security specifically.
CISOs rolling up their sleevesWhile the rise of the CISO has helped to elevate security professionals into top leadership roles at their companies, the survey findings suggest that there’s a need for CISOs to roll up their sleeves and stay involved in the day-to-day operations of the organization. Of the 85% of respondents that said they have CISOs in their organizations, 40% said that their CISOs are not involved enough in day-to-day operations, while 10% believed that their CISOs are actually too involved.
How organizations plan to overcome the skills gap issue going forwardThe survey results showed that these teams will be looking for some outside help to address the skills gap and strain on their teams. A large majority (85%) said managed services are a good option for addressing the security skills gap, and almost half (46%) are planning to use more managed services in 2020. In fact, 60% said they’ve already invested in managed services, and 85% said that they plan to invest in these services in the future. As another option, 85% agreed that security teams will need to hire more people without existing security expertise, with 15% indicating that they would be doing exactly that in 2020. Half (50%) said they would be investing heavily in training their existing staff.
To solve the problems caused by skills gap issues, training and managed services are both good approaches. By partnering with providers, organizations can free themselves from operational work and gain insights that will help inform decisions. And because recruiting and training aren’t always possible, managed services provide businesses a way to augment their teams.You can read the full report from the survey here. In addition, you can click here to learn more about how Tripwire can help your organization do more with less in light of the ongoing skills gap.