Cybersecurity Skills Gap is Widening as Breach Costs Rise

Multiple studies reveal a cybersecurity skills shortage that comes just as the cost of breaches hits record highs for organizations.


There is a cybersecurity skills gap in the workforce that continues to have a negative impact on over half of large organizations, and companies are being hit hard financially by data breaches, which have cost $4.24 million per incident, a 10% increase over 2020.

VentureBeat has detailed these stats and many other findings based on separate reports released by IBM and the Information Systems Security Association (ISSA). The reports highlight many challenges the cybersecurity industry is facing as the pandemic accelerates digital transformations.


The ISSA, in partnership with the Enterprise Strategy Group (ESG), published its fifth annual global survey of cybersecurity professionals and IBM launched its 17th annual Cost of a Data Breach report with the Ponemon Institute.

The cybersecurity skills gap is widening, and its impacts have not shown any signs of improvement over the last few years. 44% of professionals say it has gotten worse, with a major factor being the lack of “appropriate” compensation. Thirty-eight percent of respondents cited this as their main reason.

On top of this, there are 4.07 million unfilled cybersecurity positions around the world, according to an International Information System Security Certification Consortium study, which also projects that the industry will triple in size by 2022, which could exacerbate the problem.

Cybersecurity professionals don’t have well-defined careers and can find themselves working in security without a complete skillset, and many executives don’t understand the role of information security. This leads to cybersecurity leaders being forced to take on advocacy roles to develop talent on their staff.

The 2020 ISSA and ESG surveys showed that “growth activities” were the missing steps in cybersecurity professionals’ careers. These activities can be anything from mentorship, certifications, and internships to being part of a professional organization.

IBM found that shifting to remote work led to more expensive data breaches, which cost over $1 million more when remote work played a role in the breach.

The industries that suffered the most expensive data breaches were health care, the financial sector, and the pharmaceutical industry, all of which exceeded $5 million.

“Compromised user credentials were most common root cause of data breaches,” IBM reported in the VentureBeat article. “At the same time, customer personal data like names, emails, and passwords was the most common type of information leaked — a dangerous combination that could provide attackers with leverage for future breaches.”

IBM also found that “modern” security approaches, with AI, security analytics, and encryption, were the mitigating factors, as they saved large organizations an estimated $1.25 million to $1.49 million. Organizations that adopted the zero-trust philosophy also had a much lower cost of data breaches.
