Researchers Warn of Security Expertise Shortage

By Matt Hines  |  Posted 12-14-2006
Businesses are increasingly being put at risk of failing compliance audits and struggling with other security-related efforts, as demand for employees capable of managing such projects is outpacing the supply of qualified candidates.

According to a new research report published by the Department of Management at the LSE (London School of Economics) and sponsored by security software maker McAfee, businesses worldwide are reaching a "compliance breaking point" as an increasing number of regulations make it harder for them to stay ahead of auditors.

The report's findings are based surveys conducted with IT executives, financial officers and compliance specialists at large companies located around the globe.

While the lack of adequate help is currently most severe in the United States, where the government has been more aggressive in creating new directives such as the Sarbanes-Oxley Act, which is aimed at forcing companies to do a better job of policing workers' handling of sensitive information, the shortage of highly skilled security expertise will soon come to a head in other nations that are in the process of applying new rules, researchers said.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internet's Security IT Hub.

Based on that reality, more companies will find themselves in the newspaper headlines as a result of data breaches and related sanctions handed down by regulators, said Dr. Jonathan Liebenau, a senior lecturer in Information Systems at LSE's Department of Management, who conducted the report.

The report also contended that a large number of companies rely on a very small pool of internal talent for handling compliance and security projects, making it extremely difficult for those firms to replace their specialized workers when employees jump ship. While McAfee, Symantec and others are pushing the outsourcing of compliance efforts as an alternative, the LSE report said, that model fails to supply support comparable to having well-trained expertise in house.

Read the full story on eWeek: Researchers Warn of Security Expertise Shortage