Businesses Losing Ground as Cyber Criminals Edge Ahead in Skills Battle
New research commissioned by Symantec Corporation reveals nearly half (48 percent) of cyber security leaders believe their teams are falling behind in the skills race against would-be cyber criminals. This has put increased pressure on an already overloaded profession, with nearly two thirds of cyber security professionals considering either quitting their jobs (64 percent) or leaving the industry entirely (63 percent).
“It is disturbing enough to know the barbarians are at the gate, without knowing the people attempting to defend you are outgunned and burned out. Yet, this is exactly what this new data reveals,” comments Darren Thomson, EMEA CTO, Symantec. “It is hard to overstate the threat posed by an enemy that is learning faster than you are. If organizations value the security of their data and their finances, they must heed this warning and make strategic investments to address this emerging skills gap.”
Surveying 3,045 cyber security decision makers across the across France, Germany and the UK, the ‘High Alert’ study was commissioned by Symantec and conducted by Dr. Chris Brauer and his team at Goldsmiths, University of London. The findings reveal a dire situation that is likely to become worse, before it gets better, as a vicious cycle of overload and stress is hampering professional skills development and decision making.
Just under half (44 percent) of cyber security professionals say their teams lack the necessary skills to combat the threats their organizations face. Over a third (37 percent) report their teams are simply not able to manage the sheer scale of the current workloads.
“I see a huge risk of burnout in today’s industry. Many people are operating at their limit,” says Dr Steve Purser, Head of Core Operations for ENISA and a former financial sector CISO. “When you look at the hours on top of the day job, you don’t have to be a rocket scientist to know that it’s going to take its toll.”
Falling further behind
As cyber security teams struggle to keep pace with would-be attackers and the speed of technological change continues to accelerate, the cyber security talent gap will only grow larger as organizations’ defences grow weaker. The research shows that:
• 46 percent of cyber security professionals report their teams are too busy to keep up with necessary skill development
• 45 percent say technological change is happening too quickly for them and their teams to adapt
• Almost half (48 percent) say attackers now have ‘unprecedented’ resources and support from ‘bad actors’, such as organised crime and state-sponsored hackers
“Cyber security professionals are first responders, locked into a constant arms race with attackers – where talent and skill are the most important weapons,” comments Dr. Chris Brauer, Director of Innovation, Goldsmiths, University of London. “The vast majority find this battle of wits an exciting and deeply intellectual challenge. But, this demanding work comes with high stakes and is fought at a frenetic pace with little support. Add to this the relentless volume of alerts and more mundane tasks, and the job can quickly turn toxic. Highly stressed workers are far more likely to be disengaged and ultimately quit. In an industry already plagued by a skills shortage, this is a significant risk to businesses.”
Taking its toll
The strain being placed on an already limited pool of cyber talent is negatively impacting the security of enterprises and the quality of threat analysis:
• Three in four (78 percent) cyber security professionals find themselves underestimating what is required to properly deal with a cyber security threat or incident
• A similar number (77 percent) find themselves rushing when assessing a threat
• Over two thirds (69 percent) of respondents report feeling responsible for a cyber security incident that could have been avoided
“We’re not going to be able to recruit our way out of the talent gap. A more systemic change has to take place,” says Darren Thomson, EMEA CTO, Symantec. “The cyber security landscape has changed dramatically since today’s CISOs entered the industry. With thousands of threat events happening every second and the complexity of the IT estate growing exponentially, simply keeping pace is a challenge.
“Defensive strategies need to change. Machine augmentation is mission critical, but security leaders must ensure that these tools don’t become part of the problem. Taking steps to reduce the complexity of cyber security, use of cloud-delivered security, increased automation and smart use of managed services can all help to reduce overload and improve retention.”
If you would like to read more - and learn how the latest insights can help cut through today’s cyber security chaos - please download Symantec’s High Alert report, here.
About the Research
The High Alert research study was conducted by Symantec in collaboration with Dr Chris Brauer, Director of Innovation, Goldsmiths, University of London and research consultancy Thread. The research was directed by Dr Chris Brauer and Dr Jennifer Barth and led by Sean Duggan. The German and French figures for the quantitative study are from Censuswide; the UK figures from YouGov.
Survey fieldwork was undertaken in Winter 2018. The research used quantitative methods to measure, define and distinguish the experiences of cyber-security professionals in leadership roles in three countries: France, Germany and the UK. The survey was distributed to 3,045 individuals across France (1,002 respondents), Germany (1003 respondents) and the UK (1,040 respondents) in middle or upper leadership roles, with decision making involvement in cyber-security.
Insights from experienced cyber-security professionals and desk research informed the creation of a survey. The survey consisted of 43 items organised into nine groups of questioning with five-point response scales allowing respondents to self-report within the scope of this specific investigation. The survey also had questions to allow for the collection of demographic data.
About the research partners
Symantec partnered with Dr Chris Brauer, Director of Innovation, Goldsmiths, University of London and research firm Thread, led by Dr Jennifer Barth to explore the challenges faced by cybersecurity professionals. They are experts in creating high impact studies on consumer behaviour, emerging technologies and socioeconomic change. Using a combination of qualitative and quantitative study, they take an in-depth academic approach to solving key challenges facing business.