SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Half of firms struggling to hire cybersecurity experts
Wed, 13th Mar 2024

Latest survey results from cybersecurity firm Kaspersky have revealed that it takes almost half of global companies over six months to find a suitably qualified cybersecurity professional. Moreover, 41% of organisations admit to being short of cybersecurity staff, amid challenges that include a mismatch between certification and practical skills, and lack of employee experience.

The study, commissioned by Kaspersky to evaluate the state of the labour market and analyse potential reasons for the shortage of cybersecurity experts, found that nearly half (48%) of organisations need more than six months to find a qualified cybersecurity professional. This process is typically hindered by a lack of real-world experience and credentials that do not translate effectively into the workplace. The high costs associated with hiring, as well as fierce global competition, also contribute to delays in the hiring process.

Lengthy recruitment periods put companies at significant risk, with information security roles in particular leaving a dangerously exposed gap in an organisation's defences. Findings reveal it takes an average of six months or more to fill such a position, with senior roles often remaining vacant for almost a year or more, according to 36% of companies. More junior jobs, however, can be filled within one to three months, as reported by 42% of respondents.

The survey further revealed that the top challenges for employers in the recruitment process include a disparity between theoretical qualifications versus practical skills (52%), and lack of experience (49%). The cost of hiring a specialist in the field was cited as an obstacle for 48% of organisations, while 41% reported difficulties due to aggressive and competitive hiring strategies from other companies.

Ivan Vassunov, Kaspersky's VP for Corporate Products, commented, "Companies often spend a lot of time not only on the hiring process, but also on additional training for the team, in attempts to develop a diverse workforce within the company, with the right knowledge and skills. As for small and medium-sized businesses, it's usually recommended to outsource cybersecurity tasks to managed security services providers (MSSP) because it helps them close talent gaps in a short time and with minimum losses."

To combat the shortage of cybersecurity staff globally, Kaspersky experts recommended adopting managed security services for additional expertise without increasing headcount. This strategy also aids in protection against cyberattacks and can help investigate incidents when a company's cybersecurity staff is lacking. Regular staff education on current cyber risks and investment into further employee training is also suggested. Using centralised and automated solutions can further relieve the burden on IT security teams and minimise the risk of errors.