ESG Research Suggests Cybersecurity Skills Shortage Is Getting Worse

Each year, ESG does an annual global survey on the state of IT – the business value of IT, new IT initiatives, areas of concern, etc. This year’s research is based upon a survey of 620 IT and cybersecurity professional across all industries, with respondents working in North America and Western Europe.

ESG asks respondents to identify areas where they have a “problematic shortage” of skills on an annual basis. Once again in 2018, survey respondents say that cybersecurity represents the biggest area where their organizations have a problematic shortage of cybersecurity skills. The #2 response was IT architecture/planning, and the #3 response was server/virtualization administration.

Topics: Cybersecurity IT Spending Intentions skills shortage

Cutting Through Endpoint Security Marketing Hype is a Challenge for Buyers and Vendors Alike

Endpoint security is a fast-paced, dynamic market right now. The amount of funding, M&A, and general product development is moving at what can feel like a blurring speed, and separating the facts from the marketing language can be a challenge.

For a thought experiment, imagine for a moment you are a CIO/CISO/equivalent in charge of the security budget.  You are a little behind, maybe updating from an AV-only environment to a more advanced endpoint solution. How do you go about selecting a vendor? How do you begin quantifying your organizational needs? 

Topics: Information Security endpoint endpoint security IT Spending Intentions skills shortage

Cybersecurity Skills Haves and Have Nots

I’ve written a lot lately about the cybersecurity skills shortage. For example, 25% of organizations claim that they have a problematic shortage of IT security skills. On an industry basis, 36% of government agencies say they have a problematic shortage of IT security skills, followed by 29% of manufacturing companies, and 28% of financial services firms.

ESG often builds a segmentation model as part of its research projects to further analyze survey data. The segmentation model divides the total survey population into 3 distinct groups: Advanced organizations (i.e., those with the most cybersecurity resources and strong security policies and processes), progressing organizations (i.e., those with marginal cybersecurity resources and adequate security policies and processes), and basic organizations (i.e., those with fair/poor cybersecurity resources and inadequate security policies and processes). Typically, advanced organizations make up around 20% of the survey population, progressing organizations represent around 60% of the survey population, and basic organizations account for the remaining 20%.

Topics: Cybersecurity Information and Risk Management Security and Privacy Security Enterprise skills shortage CISO NIST