IT security skills
Grasping the extent of a problem is the first step to solving it. New research examines the IT skills shortage and how it affects organizations large and small.
59% of respondents were not completely sure that their networks have not been hacked, and 52% of businesses agree that their security will be compromised at some point.
Only 15% of the talent in an IT department of a large company is dedicated to security. For SMBs with a team of 16 IT pros, there were two security experts.
Of 69% of businesses that expect to increase their IT security staffs, 19% think their IT security departments will grow significantly (27% of enterprises and 22% SMBs), with 4.1% expecting their headcount to double over the next three years.
Half the respondents (50%) say they have already seen wages for IT security professionals rise.
Even though nearly half (46%) are looking to hire additional security personnel, 48% also say there is a shortage of IT security talent that they can hire.
Large businesses that feel confident about their IT security team development pay $100,000 to $500,000 to recover from a single breach. Companies that admit a certain amount of insecurity in attracting new talent end up paying from $1.2 million to $1.47 million.
A significant portion of the recovery costs is due to additional staff wages—$14,000, on average, for SMBs, $126,000 for enterprises—with companies spending more on hiring external experts and paying overtime for their own teams.
Four in 10 (40%) of companies cite increased infrastructure complexity as a major driver for increasing IT security budgets. A full 62% of large companies and 59% of SMBs will continue investing in IT security, regardless of the ability to measure returns.
Businesses are still cautious when it comes to employing external security consultants to audit the companies’ level of protection from cyber-threats. Only 26% of companies polled say this approach is effective. But 72% of businesses that suffered from damaging attacks discovered them, thanks to external audits.
In three years, companies are looking to invest 60% of their IT budgets on protection approaches beyond prevention.