An information security study has revealed that 41% of companies worldwide are experiencing a shortage of qualified cybersecurity professionals.
The study by Kaspersky, a global cybersecurity and digital privacy company, which surveyed 1,012 InfoSec professionals in 29 countries across Asia-Pacific, Europe, the Middle East, Turkey, Africa (META) region, North, and Latin America, found that 41% of companies globally are facing this challenge.
However, the issue appears to be even more acute in the META region, where 43% of companies are understaffed in the cybersecurity domain, one of the highlights of the study revealed at the recent Kaspersky Cyber Security Weekend.
Across various industries, the government sector emerges as the most affected, with 46% of InfoSec roles remaining unfilled. This is followed by the telecoms and media sectors at 39%, and retail & wholesale as well as healthcare at 37%. These vacant roles contrast the demand for cybersecurity professionals.
Who’s affected by declining cybersecurity experts?
Among the most affected positions are malware analysts and information security researchers. This shortage comes at a time when cyberattacks are becoming increasingly frequent and more complex, thereby leading to a demand for skilled information security professionals in the field, while the number of such professionals meeting the company’s requirements and level of expertise is declining.
According to Kaspersky, research conducted by cybersecurity companies and international organizations has highlighted this lack of InfoSec professionals. The (ISC)2 cybersecurity workforce study, for instance, revealed a gap of almost 4 million InfoSec workers globally in 2022.
Across various industries, the government sector emerges as the most affected, with 46% of InfoSec roles remaining unfilled. This is followed by the telecoms and media sectors at 39%, and retail & wholesale as well as healthcare at 37%. These vacant roles contrast the demand for cybersecurity professionals.
Vladimir Dashchenko, Security Evangelist at ICS CERT, Kaspersky, while commenting on the challenges faced in addressing this shortfall, said that to reduce the shortage of qualified InfoSec professionals, companies offer high salaries, better working conditions, and bonus packages, while also investing in up-to-date training with the latest knowledge.
However, Dashchenko said, the research results show that these measures are not always enough. The growth rate of the domestic IT market in some developing regions is changing so rapidly, the labour market cannot manage to educate and train the appropriate specialists with the necessary skills and expertise in such tight deadlines. On the contrary, regions with developed economies and matured businesses do not report such an acute shortfall of InfoSec professionals as their rates are below the market average.
In light of these findings, Kaspersky experts have recommended several measures to mitigate the negative consequences of the global cybersecurity staff shortfall.
Firstly, by adopting Managed Security Services, companies can utilize services such as Kaspersky Managed Detection and Response (MDR) or Incident Response to protect against cyberattacks and incidents without the need for additional hiring.
Also, investing in cybersecurity courses for staff will help keep them updated with the latest knowledge and skills necessary to defend against evolving cyber threats.
Furthermore, using interactive simulators like the Kaspersky interactive ransomware game can help IT departments simulate and practice responses to cyberattacks, thereby enhancing their preparedness and decision-making abilities.
Without adequate measures to bridge this gap, companies risk leaving themselves vulnerable to these cyber threats.
