Study: 82% of organisations expect a cyber attack; 35% are unable to fill open jobs
RSA Conference USA 2015.
According to a study by ISACA and RSA Conference, 82% of organisations expect to be attacked in 2015, but they are relying on a talent pool viewed as unable to handle complex threats. Thirty-five percent are unable to fill open positions, according to State of Cybersecurity: Implications for 2015, a study conducted by ISACA, a leader in cyber security, and RSA Conference, organisers of cyber security events.
Based on a global survey of 649 cyber security and IT managers or practitioners, 77% experienced an increase in attacks in 2014, and 82% view it as likely or very likely that their enterprise will be attacked in 2015. At the same time, these organisations are coping with a shallow talent pool. Only 16% feel at least half of their applicants are qualified, and 53% say it can take as long as six months to find a qualified candidate.
The top attributes of an ideal cyber security professional include practical experience and certifications.
"The study reveals a high-risk environment that is made worse by the lack of skilled talent," said Robert E Stroud, CGEIT, CRISC, international president of ISACA. "ISACA is working to close this gap through resources designed specifically to meet the unique and complex requirements of the cyber security profession."
The report explores recent issues such as hacks, attacks, flaws, security structures, budgets and policies.
"The survey findings reflect what we are hearing from our speakers and attendees," said Fahmida Y Rashid, editor-in-chief, RSA Conference. "The conference brings together professionals, experts and executives to share information about the latest attacks and security strategies."
Organisations are experiencing attacks that are largely deliberate, and they lack confidence in the ability of their staff - less than half feel their security teams are able to detect and respond to complex incidents.
"A silver lining to this crisis is the opportunities for college graduates and professionals seeking a career change. They are responsible for protecting an organisation's most valuable information assets, and those who are good can map out a highly rewarding career path," noted Stroud.
Rashid and Stroud will present the study results at the RSA Conference, 8am PT, Wednesday, 22 April, at the Moscone Center in San Francisco, California.
The report is a free download at www.isaca.org/state-of-cybersecurity-2015. Conducted 20-29 January 2015, State of Cybersecurity: Implications for 2015 is based on online polling of 649 ISACA certification holders and RSA Conference constituents. The survey has +/-3.8 % margin of error at a 95% confidence level.
ISACA (www.isaca.org) is a global association of 140 000 professionals in 180 countries that helps build trust and value from information. Established in 1969, ISACA is the trusted source of knowledge, standards, networking and career development for cyber security, IS audit, risk, privacy and governance professionals.
RSA Conference (www.rsaconference.com) is the premiere series of global events where the world talks security and leadership gathers, advances and emerges. It is the ultimate marketplace for the latest technologies and hands-on educational opportunities that help industry professionals discover how to make their companies more secure while showcasing the most enterprising, influential and thought-provoking thinkers and leaders in security today.
Photos/multimedia gallery available: http://www.businesswire.com/multimedia/home/20150414005299/en/
View this news release and multimedia online at: