Cyber risks are steadily increasing due to skills shortages

by

Reading time: minutes ( words)
Cyber risks are steadily increasing due to skills shortages

Why cyber resilience is at the top of the list of strategic business objectives

There is currently a shortage of more than three million cybersecurity experts worldwide to close existing security gaps in companies. The shortage of skilled workers has a firm grip on the IT security industry worldwide - and despite all efforts, companies around the world are not succeeding in recruiting qualified employees in sufficient numbers. As a result, existing security teams are overworked - and cybercriminals are shamelessly exploiting the opportunity. Read this article to find out why cyber risks are once again increasing significantly due to the shortage of skilled staff and how companies are trying to close the staff gap.

"Skilled professionals are key to cybersecurity"

Fortinet's annual Cybersecurity Skills Gap Global Research Report summarises year-on-year comparisons and trend analysis in IT security. In 2022, cybersecurity challenges have significantly intensified, according to one of the key messages of the latest report. Starting with the exponential growth of new ransomware variants and a massive increase in attacks on operational technologies (OT) such as networked machines and systems, to new methods such as malware-as-a-service (MaaS), cybercriminals are leaving no security gap untouched in order to reach their target. Companies are trying to counter cyber attacks with automation and modern security solutions. What is increasingly coming into the focus of those responsible is the "human factor". According to the Fortinet study, more and more CEOs and board members are recommending that the existing IT security staff be significantly increased. Qualified employees are the key to cyber security - decision-makers have long recognised this. The problem is that certified specialists are more than scarce. Or to put it another way: the labour market for IT security experts is virtually empty worldwide.

Findings of the study

Skilled professionals are key to cybersecurity

Fortinet's annual Cybersecurity Skills Gap Global Research Report summarises year-on-year comparisons and trend analysis in IT security. In 2022, cybersecurity challenges have significantly intensified, according to one of the key messages of the latest report. Starting with the exponential growth of new ransomware variants and a massive increase in attacks on operational technologies (OT) such as networked machines and systems, to new methods such as malware-as-a-service (MaaS), cybercriminals are leaving no security gap untouched in order to reach their target. Companies are trying to counter cyber attacks with automation and modern security solutions. What is increasingly coming into the focus of those responsible is the "human factor". According to the Fortinet study, more and more CEOs and board members are recommending that the existing IT security staff be significantly increased. Qualified employees are the key to cyber security - decision-makers have long recognised this. The problem is that certified specialists are more than scarce. Or to put it another way: the labour market for IT security experts is virtually empty worldwide.

What can be deduced from the results of the study?

The most important results of the study

The Fortinet study offers deep insights into the status quo of the global security situation:

  • 84% of all companies surveyed had one or more security incidents in the last 12 months.
  • 29% of companies had at least 5 cyberattacks - up from 19% in the same period last year.
  • 68% of companies say they expect more security incidents because their own cyber defence staffing is too thin.
  • 56 % of the companies have difficulties recruiting suitable employees.
  • 90 % of all managers prefer employees with technology-based certifications.
  • 40 % of companies have difficulty recruiting qualified women, members of minorities or military veterans for their cyber security teams.
  • Only 83 per cent of companies now say they consider their own diversity goals when hiring professionals, down from 89 per cent in the same period last year.

 According to the study, cyber attacks are not only becoming more frequent, but also significantly more expensive. While in 2021, 38 percent of the companies surveyed were still confronted with security incidents that cost more than one million US dollars to rectify, by 2022 this figure had already risen to 50 percent. A reversal of the trend is not to be expected, on the contrary: 65 percent of the decision-makers surveyed said they feared a further increase in costly cyberattacks in 2023.

Talent shortage on all fronts

IT security managers currently face two problems. Not only are they having great difficulty finding suitable staff, but they are also finding it increasingly difficult to retain IT security specialists over the longer term. The greatest need for specialists currently exists in the areas of cloud security, cyberthreat intelligence and malware analysis. Specific roles that remain unfilled in more and more companies are experts in cloud security, security operations and network security.

The big question that many companies are asking themselves is: How can they find skilled workers under these conditions - and how can they retain talent in the long term?

The solution: qualification, diversity, corporate culture

The report recommends a three-point plan as a way out of the skilled labour crisis:
1) Modern, technical and highly automated solutions to counter complex threats in real time.
2) Expert teams that have the skills and knowledge to effectively combat cyber threats.
3) A corporate culture that involves every single employee in the security concept.

Be it when hiring new employees or in existing security teams: More and more managers are recognising the relevance of certifications that demonstrate expertise in IT security. High-performance certifications not only improve technical competence, but above all provide a deeper understanding of how one's own skills can be used in the company. Quite "incidentally", further education, training and courses have an important additional benefit: They can strengthen employee loyalty to the company and thus counteract the brain drain or significantly increase employee loyalty.

This also emerges from the Fortinet report: managers continue to focus on diversity in recruitment. Nevertheless, attracting underrepresented groups to work in cybersecurity remains a challenge worldwide. Women in particular will still be in a significant minority when it comes to cybersecurity jobs in 2023. The same is true for minorities in the population. The third part of the solution is in the hands of corporate executives, CEOs and boards. Because with an established, strong security culture, awareness of cyber attacks and their risks can be significantly increased throughout the workforce. And the better the cyber hygiene is trained in a company, the fewer attack surfaces there are for cyber criminals!

Conclusion

Addressing the skills shortage

The Fortinet Report 2023 shows: The skills shortage has become one of the biggest security risks in IT security worldwide. Due to the acute frequency of cyber attacks, the available security teams are reaching their limits. Cyber criminals take advantage of this to further increase the intensity and quality of their attacks. There is no all-clear in sight for the future, on the contrary. Almost all experts interviewed in the study assume that cyber attacks will continue to increase in the future.

As measures against the shortage of skilled workers, two approaches in particular can be derived from the study. On the one hand, companies must invest even more intensively and extensively in the further training and thus qualification of their existing employees - not only to expand their skills, but above all to bind the experts to the company sustainably and in the long term. On the other hand, the search for talent must take place where recruitment is currently still far too rare.

Need help upgrading your IT security for 2023? Contact us!

By clicking on the "Submit" button, you confirm that you have read our privacy policy. You give your consent to the use of your personal data for the purpose of contacting you by Allgeier secion, Zweigniederlassung der Allgeier CyRis GmbH.

* Mandatory field

Go back