Security Talent Shortage Hurts Business
Organizations with few full-time security experts pay three times more to recover from a cyber-attack than businesses with in-house experts.
48% of the businesses surveyed admitted that there is a shortage of cyber-security talent, and 46% reported a growing demand for more of these specialists.
33% of the businesses said improving specialist security expertise is one of the top three drivers for an additional investment in IT security.
Large enterprises with few full-time security experts pay almost three times more to recover from a cyber-attack than those with in-house expertise: $1.2 million to $1.47 million versus $100,000-$500,000.
A significant portion of cyber-attack recovery costs is used for additional wages for hiring external expert help. The average cost: $126,000 for enterprises and $14,000 for small businesses.
69% of companies expect an increase in the number of full-time security expert, and 19% expect a significant increase.
POS exploits: 46%, Zero day exploits: 41%, Hactivist activities: 38%, DDoS attacks: 37%, Third-party cloud breaches: 37%,
Higher education is needed to fulfill the demand for more security experts, but there’s also a call for changes in the security industry. One solution is to aid universities with relevant experience.
Another solution involves sharing intelligence with corporate customers in the form of threat data feeds, security training, and services to develop strategic security in the wake of advanced threats.
Businesses tend to focus on prevention technologies and pay less attention to threat detection and response. But in three years, companies expect to invest 60% of their IT budgets on protection approaches beyond prevention.
The report recommends building new security solutions with intelligence in mind and ensuring that new findings about the evolving threat landscape are shared with everyone involved.