IT skills shortage relates to 71% in the area of cybersecurity

Sophos's latest study on cybersecurity-as-a-service (CSaaS) shows that almost a third (29%) of the IT managers surveyed stated that they have too few IT employees to guarantee comprehensive protection of their IT infrastructure. Conversely, however, this also means that 71% of those responsible report that they have sufficient IT staff available. This distribution roughly describes the situation across different company sizes.

There is a shortage of IT security specialists, especially in banks and insurance companies

There are clear sector-specific differences with regard to the shortage of IT specialists. While 43% of banks and 42% of insurance companies report such a shortage, the proportion is significantly lower in the industrial sector at 23% and in retail at just 9%. Industries with sensitive data in particular are frequent targets of targeted and highly specialized cyber attacks. These sectors therefore require specialized IT security personnel who, in addition to technical know-how, are also familiar with the industry-specific risks and requirements.

Where there is a shortage of skilled workers, 71 percent lack IT security expertise and 40 percent lack network administration expertise

The shortage of IT employees affects many different areas in the company. For example, 71% of companies that report a shortage of IT specialists lack employees specifically for IT security. In addition, 40 percent of companies lack employees for network administration. In more than a third (35%), there is also a need for experts in application development, particularly in Java and Python. This shows that the skills shortage is not just limited to the area of IT security, but extends across various IT disciplines.

The size of the IT team is a decisive factor in a company's ability to protect itself against cyber attacks and ensure an efficient IT infrastructure. In more than a quarter of the companies surveyed (27%) that have sufficient IT staff, the IT infrastructure is managed by 21 to 50 IT employees, and in 24% by 11 to 20 IT employees. Unsurprisingly, this shows that the number of employees responsible for IT tends to increase with the size of the company.

One possibility: other ways of recruiting

Chester Wisniewski, Field CTO at Sophos, argues that one possible solution to the challenges of hiring specialist staff is to make recruitment more flexible than before. "I'm not convinced that the gap is as big as many studies would have us believe," he says. "I think we need to be more open-minded when recruiting security experts by increasing the diversity of our potential applicants. I know many young people who have worked as software engineers, data protection officers or IT staff, as well as people with a social science background - all of whom are currently finding it difficult to get into the IT security industry. And this is despite the fact that they have experience in other areas and training in the field of security. Of course, previous professional experience in IT security is important, but it is currently a major exclusion criterion that we cannot afford. People with a passion for our work who bring in their previous experience can enrich us and will help us to close these gaps and lead to better results in the long term."

Another solution: CSaaS - external expertise

An all-encompassing cybersecurity approach requires specialized IT personnel who take care of the security of the IT infrastructure at all times. In the event of an IT staff shortage, Cyber Security as a Service (CSaaS) offers an efficient approach to ensuring comprehensive IT security without internal staff. Companies can benefit from the expertise of specialized security experts and ensure the best possible protection for their IT infrastructure. Cybersecurity as a Service (CSaaS) offers companies the agility they need to counter the diverse and constantly changing threats. They can use this externally sourced support to outsource a crucial part of their cybersecurity and optimize and modernize the protection of their existing IT infrastructure.

While 35% of the companies surveyed in the study are currently implementing CSaaS, 46% are already using this service, and they emphasize the positive effects: Of companies that have faced cyberattacks and use Cybersecurity as a Service services, 46 percent report having been able to respond swiftly and quickly get back to their normal operating processes. In each case, 45 percent emphasize better isolation and prevention of further damage as well as better access to specialized expertise and advanced technologies.

Source: www.sophos.com