Heightening demand for cyber expertise alongside a shortage in personnel is exacerbating the skills gap. Businesses are lacking the skilled cyber professionals they need to patch the gap eroding their cyber resilience. According to the Department of Culture, Media and Sport (DCMS) report, ‘Cyber security in the UK labour market 2022’, demand for UK cybersecurity personnel jumped 58% last year, while demand for “cyber-enabled” roles increased by 66%.
A problematic fissure in the line of defence
The DCMS report found that the labour shortfall has more than tripled and estimates that 44% of vacancies were “hard to fill”, up from 37% in 2020. Yet the global cybersecurity workforce needs to grow by 65% in order to successfully defend businesses against cyber-attacks, according to the latest (ISC)2 cybersecurity workforce study. This glaring disparity is causing problematic fractures in businesses’ cyber defences. Malicious actors are alert to new opportunities and there’s a growing opportunity for them to successfully shift their attention towards under-resourced mid-sized businesses struggling to keep pace with security demands.
In fact, the (ISC)2 report revealed that over half of UK businesses have a basic cyber-security skills gap. A third have more advanced skills gaps. In the past 12 months, 49% have struggled with issues with technical cyber skills gaps, both among existing personnel (20%) and among new applicants (45%). This causes problems in responding to and shutting down a cyber threat. There is also a skills gap in areas of operational security management and implementing secure systems. Something which hinders an organisation’s ability to build up their cyber defences and effectively prepare for attack.
Stretched beyond capacity
At the same time as battling a skills shortage, small security teams are being stretched beyond capacity, intensifying the pressure security staff are under. Our report, The UK Mid-Market on Code Red Report, revealed nearly seven in ten (69%) mid-sized businesses have three people or fewer in their team looking after cyber security, which means that one in ten (11%) don’t have the time or capacity to investigate as many as 50% of the alerts they receive every day. This inability to respond to cyber threats is compounded by the unmanageable portfolio of point products that most organisations employ. Our report found that the average mid-market firm typically use an average of 24-point products.
Between each point product lies a security gap that cybercriminals can exploit. Meanwhile, the ability of short-staffed cybersecurity teams to protect against complex threats is stymied by alert overload, incompatible dashboards and difficulty integrating new systems with existing defences. The high intensity nature of dealing with cyber threats is causing many to leave their positions. The ISACA report found that 45% of cybersecurity professionals surveyed cite stress as their main reason for leaving their role.
The price to pay
The growing shortage in skills and talent is directly affecting businesses’ ability to remain secure. The (ISC)2 cybersecurity workforce study revealed that staff deficiencies were resulting in misconfigured systems, tardy patching of systems, lack of oversight, insufficient risk assessment, lack of threat awareness and rushed deployments.
The damage to organisations’ cyber resilience must be addressed and businesses need to take action with a single, integrated platform that addresses the issues of cyber fatigue and mitigates the security skills gap. With this approach, security can be driven by an integrated, cloud-based platform to relieve the pressure on understaffed teams and enable organisations to minimise gaps in their security.
Restructure defences: platform over portfolio
Consolidating security with a coordinated approach makes cybersecurity easier to manage. Crucially, it helps your business take action to support overwhelmed security professionals. Introducing a platform that is straightforward to implement and easy to scale ensures organisations are able to restructure their security defences quickly and efficiently. Security teams are able to reduce their workload through automation, updates can be automatically deployed, and rules and policies created to control responses.
A unified approach also allows businesses to move away from running expensive and time-consuming siloed point products. It provides organisations with a single tool that’s simpler to use, easier to manage, and reduces the need for manual intervention. In addition, there’s the ease of reporting, transparency on all incoming threats, and the ability to have a holistic view of your entire security ecosystem in one place.
Staff shortages and high staff turnover are here to stay. The pressure security teams are under mean it’s becoming harder and harder to train and retain vital security talent. And it’s stopping organisations from building effective cyber resilience. A consolidated platform fixes the human resource problem in cyber security. It allows security teams to do more with less. While future-proofing defences by giving businesses the ability to manage a rapidly evolving threat landscape in a sustainable way.