Many cybersecurity teams are struggling to keep up with emerging technologies and the challenges around securing their organizations against them because they don’t have the time to undertake the necessary training, a new study has warned.

The research, published by ISC2, asked nearly 1000 cybersecurity leaders from large enterprises around the world how their organization approach cybersecurity team training.

Nearly three-quarters of respondents (73%) said their organization’s security training budget has increased over the past year, as businesses react to the emergence of new technologies and cybersecurity challenges that accompany them.

One of the most encountered new challenges is the rise of AI: almost half of respondents (47%) said that AI is the most pressing skill their organization is addressing or planning to address through training.

However, the study found that despite increased resources, organizations experience barriers around supplying training and upskilling to cybersecurity staff.

Much of this is related to the time employees have available to engage with training.  Nearly all security leaders surveyed (98%) said that their organization allows employees to engage with professional development and training during work hours.

Despite this, just over half of respondents (53%) said that they face challenges which prevented them from engaging with training and professional development during the working day.

The Struggle to Find Time for Cybersecurity Training

Even if organizations support training, the practical realities of day-to-day work often make it difficult for employees to set aside dedicated time to participate in training during standard working hours.

According to those surveyed, other challenges which create barriers to training include keeping training content current and relevant (45%), difficulty finding qualified trainers (39%), a lack of employee willingness to participate in training (37%) as well as a lack of support from leadership or other stakeholders (32%).  

While budgets for training have increased overall, almost a third of cybersecurity leaders (29%) said that they still lacked the budget to provide up-to-date training for their teams.

Nevertheless, despite these challenges, most security leaders reported that their security training programs have been very or extremely effective in improving key processes within their organizations over the past year.

Continuous Training Key to Preparedness

Organizations ought to remember that security training and upskilling programs are not a one-time activity. As technology and cyber threats evolve, it’s important that those primarily responsible for defending the organization against cyber-attacks are provided with the resources and the time to remain prepared.

According to ISC2, the best way to ensure this happens is to specifically make time for employees to engage with training, away from their regular tasks.

“Make that commitment real by protecting dedicated time for training, meaningfully adjusting workloads and equipping managers with the guidance and resources they need to help their teams prioritize learning,” said the report.

“When time is built into the workday and supported by management, security teams may be more likely to take full advantage of training opportunities.”  

The How Enterprises are Strengthening Their Cybersecurity Teams Through Training report was based on 995 responses from cybersecurity leaders at enterprise organizations (5000+ employees) across Canada, Germany, India, Japan, UK and USA.