
Cyber threats caused by failure to upskill

David Shearer

Largest association of certified cybersecurity professionals enables IT pros to more quickly attain SSCP certification and help defend against threats. Survey of 3,300 IT professionals finds cyber skills gap exacerbated by firms failing to upskill IT staff. Most IT workers say their security advice is ignored; only 35 percent say their advice is acted upon. CEO David Shearer, CISSP – (ISC)².

Firms focusing on recruitment instead of cybersecurity training for existing staff:

  • 51 percent of organisations are less prepared for a cyber attack than 12 months ago
  • 49 percent of respondents say business leaders lack an understanding of cyber threats
  • (ISC)² makes it easier for IT workers to obtain SSCP cybersecurity certification in response to current industry needs

A survey of 3,300 IT professionals by (ISC)² has revealed that widespread under-funding in training in-house IT talent is contributing to the critical cybersecurity skills gap. The report shows that businesses are exposing themselves to cyber threats by ignoring and neglecting IT professionals, with 65 percent of IT workers reporting their security advice is not followed. Almost half of IT workers say their firms do not invest sufficiently in ensuring their IT staff are security-trained, despite a shortage of cyber security workers across 63 percent of businesses.

This indicates that the cyber skills deficit is rooted in businesses failing to listen to advice from IT staff and to upskill in-house talent. The report suggests this is a leadership issue, with 49 percent of respondents accusing business leaders of a failure to understand cybersecurity requirements. The result, according to the report, is that the majority of companies are even less able to cope with a cyber attack than they were last year.

In February 2017, (ISC)² found that the cybersecurity skills gap will grow to 1.8m by 2022 if current hiring and training trends continue. The latest research is based on responses from more than 3,300 IT professionals from around the world who participated in the 2017 Global Information Security Workforce Study.

Key findings from surveyed IT professionals include:

  • 43 percent said their organisation doesn’t provide adequate resources for security training
  • Only 35 percent agreed their security suggestions are acted upon
  • 55 percent said their organisation doesn’t require IT staff to earn a security certification
  • 63 percent said their organisation has too few security workers
  • 51 percent of organisations are less prepared for a cyber attack than 12 months ago
  • 49 percent blame business leaders for lack of understanding of cyber threats

51 percent said their systems are less able to defend against a cyberattack compared to a year ago. Hiring managers rank communication skills (62 percent) and analytical skills (52 percent) as their top priority, while IT pros cite cloud computing and security (64 percent), and risk assessment and management (40 percent) as top skills needed.

“Our findings suggest too many organisations are so fixated on their inability to attract top cybersecurity expertise that they often overlook a tremendous pool of talent already on staff and intimately familiar with their infrastructure and processes,” said (ISC)² CEO David Shearer, CISSP. “The quickest way for many organisations to protect themselves against cyber threats is through continuous education and empowerment of their IT team. Security is a shared responsibility across any organisation, but unless IT is adequately trained and enabled to apply best security practices across all systems, even the best security plan is vulnerable to failure.”
