New study shows skills gap exists among cybersecurity professionals

New research from BAE Systems finds a gap between the number of skilled cybersecurity professionals and the number of available positions in corporate America.

The BAE study says 50 percent of businesses claim there is a lack of staff with the required security skills and expertise. Further, 40 percent of companies said they do not have adequate training to capture best practices from experienced staff for more junior employees.

The research also discovered that 37 percent of mid-sized organizations are still investigating security alerts manually, while 7 percent are doing nothing with the warnings they receive.

“A lack of skilled cybersecurity resources is leaving essential work undone, and putting Americans at risk,” Colin McKinty, vice president of Cyber Security Strategy with BAE Systems Applied Intelligence, said. “Alerts go ignored because there are too few team members, and if one of those alerts indicated suspicious activities that could lead to a legitimate threat of an imminent breach, the company has now lost critical time to secure its corporate and customer data, and protect its reputation.”

To address the skills gap, 43 percent of the organizations surveyed are planning to train up existing staff, while 36 percent plan to grow their team. Further, 42 percent of IT professionals plan to buy additional tools while 54 percent are seeking security monitoring tools that identify existing vulnerabilities and high priority incidents. Also, 54 percent are looking to reduce the time between a breach and when the incident is reported.

Among large companies with over 500 employees, 78 percent said they are satisfied or very satisfied with their current tools with only 7 percent expressing dissatisfaction. However, at mid-sized companies, 17 percent are dissatisfied with their existing solutions. Specifically, 37 percent of mid-sized businesses are manually investigating all logs and alerts.

“Identifying cyber risks is complex and time-consuming, and every day there is the risk of missing serious attacks before they cause significant impact, compromising company information, and the larger implications and costs associated with a high-profile breach,” McKinty said. “The future of security technology is real-time. Businesses need to be confident that attacks and risks on their network are being identified as they happen, without the need for large, dedicated security teams, or time-consuming manual investigations of alerts.”

The survey, conducted in November 2017, polled 600 IT decision-makers in the U.K. and the United States, from organizations with between 250 and 9,999 employees, in a variety of sectors.