Also, 71 percent of respondents report that the lack of security skills does measurable damage to their organizations. One in three say the skills shortage makes their companies more attractive hacking targets. And one in four say that their organizations’ reputations have been damaged, and proprietary data lost, through cyberattack.
The report says that intrusion detection, secure software development, and attack mitigation are the scarcest skills and, not surprisingly, the highest in demand, rather than communication and collaboration skills.
There is a public demand for political leaders to improve security legislation, the report says. Seventy-six percent of respondents said that their government is not investing enough in building cybersecurity talent, and the same amount said cybersecurity laws and regulations are insufficient in their countries.
On the bright side, more than half of those surveyed (55 percent) believe that in five years, security products and services will be able to meet the majority of their organization’s needs. And organizations will be able to respond to talent shortages by expanding their outsourcing of security.
Intel selected eight countries for this study: Australia, France, Germany, Israel, Japan, Mexico, the UK, and the U.S. The findings are based on open source data, targeted interviews with experts, and a survey of IT decision-makers in public and private sectors.
The lack of skills was most prominent in Australia and Mexico, where 88 percent of respondents believe there is a shortage of skills. And cybersecurity jobs in the U.S. pay an average of $6,500 per year more than other IT professions. Because the U.S. spends more on security, companies based there are advantaged in terms of recruiting talent and filling these gaps, according to the report.
Market reports predict that annual global spending on security was between $75 billion and $100 billion in 2015 and is expected to increase up to 16 percent within five years.
The report says that countries can combat the worker shortfall by increasing government spending on cybersecurity education and promoting more cybersecurity exercises and programs in higher education.