A survey by TEKsystems Network Services, a staffing firm, has found that there is a real-world human capital crisis at play for businesses, not just the anecdotal annoyance of being understaffed.
In the study, half of respondents said that they believe the lack of qualified security talent is approaching a state of critical mass, where their organizations are vulnerable to serious risk exposure. This includes very basic skill sets: less than 20% of respondents are very confident their IT organization has an adequate allocation of information security resources in-house for security policy, identity and access management and information risk management skills. Further, more than half say it is difficult to find and source quality talent with these capabilities.
Only 15% of respondents are very confident that they have the security-related skill sets needed to meet evolving threat landscapes.
The issue is of course growing as the breadth and scope of the information security landscape becomes ever more complex. Mobile devices, borderless enterprises, proliferation of unmanaged WiFi and the rise of cloud-delivered everything has made things much more complex than they were when IT infrastructure was housed in on-premise servers running on a physical LAN. As a result, organizations say that, increasingly, they cannot adequately assess their own security needs.
More than 60% in the TEKsystems study said that they believe the growing scope and complexity of IT security make it difficult for their organization to effectively evaluate current security programs and develop comprehensive strategic planning efforts. Worse, the majority of the respondents indicate that their information security teams are too busy handling tactical, day-to-day work to spend an adequate amount of time on critical strategic information security initiatives.
The study is the latest in a string of evidence showing there to be a growing security skills gap. The fact that it exists is not in question; the reasons why are a much larger topic for debate.