An estimated 1 million information-security staff and managers are needed to fill the current global demand, according to Cisco’s 2014 Annual Security Report. The shortage of IT security talent is real and likely to accelerate in the near future as the number of devices that are connected to the Internet continues to expand. The International Information Systems Security Certification Consortium (IISSCC) has calculated that more than 300,000 cybersecurity professionals are needed to maintain and manage the increasing complexity of information business systems. The IISSCC reports that a shortage of security experts with leadership and communications skills poses a direct challenge to global organizations.
According to a report by the Center for Strategic and International Studies, and sponsored by information security firm McAfee, global cyber-crime was estimated to cost individuals, companies and government between $375 billion and $575 billion in 2013, and could be a factor in the loss of more than 200,000 jobs in the United States alone. It’s not as if the threat was unexpected; IT professionals have been warning of the pending shortage and its impact on business systems for years.
Many organizations are understaffed when it comes to qualified cybersecurity professionals or employ staffs that are lacking in experience and necessary skill sets to combat an increasing number of breaches of system security. Most organizations need to carefully evaluate their existing IT security team to identify weaknesses in individual skills and provide necessary training and updated tools to bolster their security team’s capabilities. In some cases, outsourcing the responsibility for security may help in areas where the internal security team is particularly challenged. Organization leaders should consider the pending IT security skills shortage when making decisions on business processes, applications and device support.
The magnitude of some recent breaches of company data has had a major impact on the financial well-being of the affected organizations. As a result, the responsibility for making decisions concerning the company’s security info structure is steadily gravitating up the chain of the management hierarchy. Implementing a culture of compliance, offering advanced training and increased support for security functions is important to better prepare a company for the inevitability of the next cybersecurity breach.