Released: 25th February 2013
2013 Global Information Security Workforce Study finds that hacktivism, cyber-terrorism and state-sponsored acts are among the top security concerns, yet two-thirds of CISOs feel short-staffed, resulting in frequent and costly data breaches
London, UK – February 25, 2013 – (ISC)²® (“ISC-squared”), the world’s largest not-for-profit information security professional body and administrators of the CISSP®, today released the results of its sixth Global Information Security Workforce Study (GISWS) in partnership with Booz Allen Hamilton, conducted by Frost & Sullivan. The study of more than 12,000 information security professionals worldwide (3,229 from the Europe/Middle East/Africa region) reveals that the global shortage of information security professionals is having a profound impact on the economy and is driven by a combination of business conditions, executives not fully understanding the need for security, and an inability to locate qualified information security professionals.
The report finds that hacktivism (43 percent), cyber-terrorism (44 percent), and hacking (56 percent) are among the top concerns identified by respondents, yet more than half – 56 percent – feel their security organisations are short-staffed. Many organisations (15 percent) are not able to put a timeframe on their ability to recover from an attack, even though service downtime is one of the highest priorities for nearly three-quarters of respondents. The data concludes that the major shortage of skilled cyber security professionals is negatively impacting organisations and their customers, leading to more frequent and costly data breaches.
“Now, more than ever before, we’re seeing an economic ripple effect occurring across the globe as a result of the dire shortage of qualified information security professionals we’ve been experiencing in recent years,” said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)². “Underscored by the study findings, this shortage is causing a huge drag on organisations. More and more enterprises are being breached, businesses are not able to get things done, and customer data is being compromised. Given the severity of cyber espionage, hacktivism, and nation-state threats, the time is now for the public and private sectors to join forces and close this critical gap. We must focus on building a skilled and qualified security workforce that is equipped to handle today’s and tomorrow’s most sophisticated cyber threats.”
The GISWS finds that there is also a major shortage of software development professionals trained in security and that application security vulnerabilities still rank highest among security concerns – a trend identified in the 2011 GISWS. Threats from malware and mobile devices are also at the top of the list, and cloud security, Bring Your Own Device (BYOD), and social networking are all reported as major concerns in terms of newer security threats on the horizon.
“This survey shows that we need to rethink our approach to the skills challenge. We need to look at the problem from the top down, not the bottom up, starting with end users (including the general public), moving on to application and systems development security, as well as tackling the more traditional areas of securing the infrastructure,” said John Colley, CISSP, managing director, (ISC)² EMEA. “Without doing this, we will never solve the threats presented by mobile devices, cloud security and BYOD. It is disturbing to see that application vulnerability is the top concern, while only 12 percent of information security professionals are involved in it. We need to take a holistic view of the challenge, adopting a cooperative and concerted effort across academia, government and the information security profession to curtail the problem.”
Some of the other key findings from the study include:
“Security is an organisation-wide responsibility, with information security professionals serving as the beacon of knowledge and security stewardship,” states Michael Suby, Stratecast VP of Research at Frost & Sullivan and author of the report. “Information security professionals are constantly on the front lines, having to adapt to an ever-changing threat and IT landscape. They are also in a strategic position to educate business leaders as to why and how security is critical to all areas of the business. As the GISWS reveals, the need for more skilled and qualified security professionals to deal with the onslaught of sophisticated cyber-attacks that organisations are facing on a daily basis, is real and acute. If we continue to let this skills gap grow, the economy will undoubtedly suffer.”
“Booz Allen recognises the need for highly skilled professionals to meet demands of the growing digital enterprise. It takes a combination of people, process and technology to combat the evolving threat landscape, while at the same time, embrace the opportunities that come with cloud computing, social media and BYOD,” commented William Stewart, senior vice president at Booz Allen Hamilton. “This study reinforces the incredible need for a strong cyber workforce, particularly since security professionals increasingly have a seat at the board table, influencing decisions that impact business operations.”
Likely the largest study of the information security profession ever conducted, the 2013 GISWS was conducted in the fall of 2012 through a Web-based survey. Since its first release in 2004, the study has gauged the opinions of information security professionals and provided detailed insight into important trends and opportunities within the information security profession. It aims to provide a clear understanding of pay scales, skills gaps, training requirements, corporate hiring practices, security budgets, career progression, and corporate attitude toward information security that is of use to companies, hiring managers, and information security professionals. The full study can be found here: https://www.isc2cares.org/IndustryResearch/GISWS/.
Additional data specific to vertical markets will be made available later this year.
Published by: IT Analysis Communications Ltd.