Large businesses are struggling to attract skilled IT security experts are paying up to three times more to recover from a cyber security incident.
For a third of businesses, the improvement of specialist security expertise is one of the top three drivers for an additional investment in IT security, the report by Kaspersky Labs said.
The report combines the results of the survey with input from Kaspersky Lab’s experts and representatives of major universities. It shows that overcoming the lack of skills and shortage of talent in cyber security is a major challenge for companies.
The growing demand is not easy to meet, the report said, due to a lack of available specialists and increasingly complex requirements.
According to Kaspersky Lab’s own recruitment managers, on average only one applicant out of 40 (2.5%) meets the strict criteria for an expert position.
The research shows that 90% of companies looking to hire cyber security professionals in 2016 said it was difficult to find the right candidates for the jobs on offer.
However, the challenge is not limited to technical know how. According to Kaspersky Lab, the need for security managers is even greater.
In addition to deep technical knowledge, managers’ duties include communication with top management and overseeing the overall strategy, which are qualities that are especially important for large companies, the report said.
Higher education institutions recognise the need to revise their courses, but, at the same time, acknowledge the challenge of embedding security-oriented thinking into those courses.
The IT industry continues to evolve at a rapid pace, the report said, but notes that despite the obvious advancements in IT education, most graduates are not ready to help companies in ramping up security immediately.
Overall, the Kaspersky Lab report said 68.5% of companies polled expect an increase in the number of full-time security experts, with 18.9% expecting a significant increase in headcount.
Higher education is an important part of fulfilling such a demand, the report said, but this is also a call for a change in the security industry itself.
Security suppliers need to help universities with relevant experience and adapt research and development efforts towards the effective sharing of intelligence with corporate customers in the form of threat data feeds, security training and services.
A proper combination of security controls and intelligence, the Kaspersky Lab report said, will help corporate security teams to spend less time on regular cyber security incidents and focus on strategic security development and advanced threats.
Solving the different challenges of threat prevention, the detection of targeted attacks, incident response and prediction, said Levtsov, requires a lot of flexibility.
The report concludes that the problem of talent shortage will be solved through the efforts of education, evolution of the industry and adoption of intelligence sharing models.