Trellix finds workforce shortage impacts 85% of organisations’ cyber security posture

Trellix, the cyber security company delivering the future of extended detection and response (XDR), conducted new research into the talent shortage afflicting the cyber security industry. Among the key findings, 85% of those surveyed believe the workforce shortage is impacting their organisations’ abilities to secure increasingly complex information systems and networks, while almost a third (30%) of the current workforce plans to change professions in the future. 

“Our industry is already 2.72 million people short.[1] Cultivating and nurturing a cyber security workforce for our future requires expanding who we view as talent and changing our practices across the public and private sectors,” said Bryan Palma, CEO of Trellix. “Closing the cyber security talent gap is not only a business imperative, but important to national security and our daily lives. We need to remove barriers to entry, actively work to inspire people to do soulful work and ensure those in the field are retained.”

Carlo Bolzonello, South Africa country lead for Trellix.

---

The findings are based on a Vanson Bourne survey, commissioned by Trellix, of 1 000 cyber security professionals in several countries around the world, including Brazil and India across a variety of sectors.

“The research addresses global issues that affect businesses and governments everywhere in the world, with South Africa public and private sector organisations being increasingly vulnerable to cyber attacks due to a distressing lack of skills and emigration rate,” says Carlo Bolzonello, country lead for Trellix in South Africa. “The industry offers great opportunities for people with varied backgrounds – analytical and inquisitive people learn the ropes quickly and build successful careers quickly.

“The research highlights the major issues that have led to the skills gap that impacts the sector so much,” Bolzonello adds.

More education is needed. As threats from nation-state actors and cyber criminals grow in volume and sophistication, the worldwide shortage of cyber security professionals grows as well. While some countries like Russia and China invest deeply in nurturing cyber security talent through state-funded education, many nations are without dedicated programmes. Trellix sought to understand education levels and attitudes of professionals and found over half (56%) believe that degrees aren’t needed for a successful career in cyber security. The survey also found:

• Support for development of skills (85%) and with certifications (80%) were selected as highly or extremely important factors for the industry to address to expand the workforce.
• Efforts to promote cyber security careers (43%), encouraging students to pursue STEM-related careers (41%) and further funding support (39%) were most likely to be ranked within the top three areas that would attract people to work in the cyber security industry.
• Ninety-four percent state that their employers could be doing more to encourage community mentoring programmes with a presence in K-12 schools.

Diversity drives better outcomes. When it comes to encouraging more people to consider a career in cyber security, respondents reported inclusivity and equality for women (79%), diversity of the cyber security workforce (77%) and pay gaps between different demographic groups (72%) as highly or extremely important factors for the industry to address. Of the cyber security professionals surveyed, 78% are male, 64% white and 89% straight, and a large majority of respondents (91%) believe there needs to be wider efforts to grow the cyber security talent pool from diverse groups. Additional findings include:

• Most respondents (92%) believe greater mentorship, internships and apprenticeships would support participation of workers from diverse backgrounds into cyber security roles.
• Eighty-five percent note a lack of understanding of the varied opportunities available in cyber security limits the number of those working within a cyber security profession today.
• Those surveyed believe their employers could be doing more to consider employees from non-traditional cyber security backgrounds (94%) and 45% report having previously worked in other careers.

Cyber security is soulful work. The survey found the vast majority (94%) believe the role of those working in cyber security is greater now than ever before and a similar number (92%) report cyber security as purposeful, soulful work that motivates them. However, cyber security professionals are hungry for recognition, with 36% noting they feel a lack of acknowledgement for the good done for society and of those looking to leave the field, 12% say it is due to lack of feeling appreciated. The survey discovered:

• More than half (52%) report working within cyber security because it’s progressive and evolving and because they enjoy exploring challenging new trends.
• Forty-one percent report cyber security is continuously growing in relevancy and roles will always be accessible as a reason for staying in the profession.
• Around one in five (19%) also note they value doing something to help society for the greater good.

Trellix recently released its In the Crosshairs: Organizations and Nation-State Cyber Threats report, which found organisations report limited cyber security skills and a need for support to recruit and train additional staff as barriers to protect themselves against nation-state cyber threats. Trellix also recently published Path to Cyber Readiness – Preparation, Perception and Partnership, which notes in-house cyber skills issues were reported by 49% of US government agencies.

Additional resources

• Blog: Trellix Survey Findings: A Closer Look at the Cyber Talent Gap

[1] (ISC)² Cybersecurity Workforce Study, 2021

Source: Trellix