Why concern about talent is now a cyber-security issue

Eighty-two per cent of organisations expect to be the subject of a cyber-attack this year, and many are trying to defend against complex threats with unqualified workers or unfilled positions.

A global survey of cyber-security and IT managers shows that just 16% believe that at least half of their applicants are qualified, and 53% say it can take between three and six months to find a qualified candidate. Additionally, some organisations don’t have confidence in their current staff’s cyber-security abilities, according to a survey by international IT trade association ISACA.

With the likelihood of cyber-attacks increasing, organisations must prepare as best they can. These days, according to ISACA’s State of Cybersecurity: Implications for 2015 report, that’s easier said than done. The study “reveals a high-risk environment that is being made worse by the lack of skilled talent,” Robert E. Stroud, international president of ISACA, said in a news release.

A skills gap is shown in the IT managers’ sentiment: 52% believe that fewer than one-fourth of their applicants are qualified, and an additional 32% feel that one-fourth to one-half of applicants are qualified. The biggest gap they see is an ability to understand the business (72%), followed by technical and communication skills deficiencies.

Respondents’ confidence in their security teams comes with conditions. While 87% overall say they are comfortable with their security teams’ ability to identify and respond to incidents, fewer than half of those say that they are confident only if the incident is simple. Thirteen per cent said they were not comfortable with their security team’s ability to detect and respond to incidents.

Companies in general are devoting more money to security budgets, with 56% predicting an increase in 2015 and 33% predicting that budget to stay the same. A strong majority (79%) report that their boards are concerned about cyber-security, shown mainly by enforcing security policy (71%) and providing appropriate funding (63%).

Organisations report a wide variety in the types of data breaches and in the methods used, the survey showed.

Seventy-seven per cent reported an increase in data breaches between 2013 and 2014. The respondents believe that financial gain (33%) is the most common motive, followed by disruption of service (24%), theft of intellectual property (19%), and theft of either classified data or personally identifiable information (12% each).

Related CGMA Magazine content:

“CFOs Increase Spending on Cyber-Security”: A majority of technology CFOs in a new survey have increased their spending on cyber-security, and a broader survey of finance executives shows increased concern about cyber-attacks.

“5 Priorities That Should Dominate Corporate Directors’ To-Do Lists”: Managing reputational risks on a global scale is likely to require more of a time commitment from corporate directors in 2015. To help boards manage their time and agenda, here are five priorities they should address.

—Neil Amato (namato@aicpa.org) is a CGMA Magazine senior editor.