According to a Kaspersky study, over 40% of global companies are grappling with a shortage of qualified cybersecurity professionals.
The scarcity is most pronounced among malware analysts and information security researchers. As cyberattacks become more frequent and intricate, the demand for InfoSec experts is rising, but the supply of skilled practitioners is dwindling. Another study by (ISC)2 revealed a staggering 4 million InfoSec workers’ workforce gap in 2022.
Kaspersky’s research surveyed 1,000+ InfoSec professionals globally, with 41% of companies reporting their cybersecurity teams as understaffed Russia faces the most significant shortage, followed by Latin America, APAC, and META region.
The most understaffed roles in companies are Information Security Research and Malware Analysis, with over 40% of companies finding them the most challenging to fill. Europe, Russia, and Latin America report increased demand for these positions.
Security Operations Center (SOC), Security Assessment, and Network Security professionals face slightly less understaffing, at 35% and 33%, respectively. Notably, APAC experiences a shortage of SOC experts, while META regions grapple with a lack of Security Assessment and Network Security analysts.
Threat Intelligence roles, though scarce, remain in high demand, accounting for 32% of vacancies.
Examining the cybersecurity requirements across various industries, the government sector stands out with the highest demand for cybersecurity professionals. Astonishingly, nearly half (46%) of the InfoSec roles it requires remain unfilled. The telecom and media sectors follow closely, with a 39% understaffing rate, while retail & wholesale and healthcare grapple with 37% of their roles remaining vacant.
In contrast, the IT industry reports 31% of InfoSec vacancies, and financial services fare slightly better at 27%. However, even these figures are concerning, as they still hover around one-third of the required positions.
To address this shortage, companies are adopting strategies such as offering competitive salaries, improving working conditions, and providing bonus packages. Additionally, investments in up-to-date training with the latest knowledge are being made. Despite these efforts, research indicates that these measures alone may not suffice. The rapid growth of the domestic IT market in some developing regions poses challenges, as the labor market struggles to educate and train specialists with the necessary skills and expertise within tight deadlines. Interestingly, regions with developed economies and mature businesses experience less acute shortages of InfoSec professionals, as their rates fall below the market average.
To address the global shortage of cybersecurity staff and mitigate its adverse effects, experts recommend the following strategies:
Adopt Managed Security Services: Implement services like Kaspersky Managed Detection and Response (MDR) or Incident Response to gain additional expertise without the need for additional hiring. These services help protect against cyberattacks and investigate incidents even when a company lacks security personnel.
Invest in Cybersecurity Courses: Allocate resources for advanced cybersecurity training for existing staff. With Kaspersky Expert training, InfoSec professionals can enhance their hard skills and effectively defend their companies against attacks.
Interactive Simulators: Use interactive simulators to evaluate your own expertise and decision-making abilities during critical situations. For example, the Kaspersky interactive ransomware game allows you to observe how the company’s IT department deploys resources, investigates incidents, responds to attacks, and makes vital decisions.
Centralized and Automated Solutions: Leverage solutions like Kaspersky Extended Detection and Response (XDR) to reduce the workload on the IT security team and minimize the risk of errors. These solutions aggregate and correlate data from multiple sources, utilizing machine learning technologies for efficient threat detection and rapid automated responses.
