The latest Kaspersky survey found that 48% of companies require over half a year to find a qualified cybersecurity professional. A lack of proven experience was cited as one of the biggest challenges, along with the high cost of hiring and global competition in talent acquisition.
With global labor markets continue clamoring for InfoSec professionals, the latest Kaspersky research revealed 41% of companies admit their cybersecurity teams are understaffed. ‘The portrait of the modern Information Security professional’ survey seeks to evaluate the current state of the labor market and analyze the exact reasons it lacks cybersecurity experts. The study also identifies the skills and characteristics bosses demand when hiring staff.
Respondents say it takes more than six months to fill an average cybersecurity position. As expected, recruitment for senior level positions takes the longest, with 36% of companies saying it requires almost a year or more, while junior jobs can be filled in the shortest time – one to three months, according to 42% of respondents. These figures are alarming since companies that operate for long periods of time without the necessary staff are at huge risk, as the absence of cybersecurity personnel provides cybercriminals ample opportunity to penetrate business infrastructure and damage business processes.
When asked about the biggest challenges in finding and hiring the ‘right’ InfoSec professional, the majority of respondents cited a discrepancy between certification and real practical skills (52%) and lack of experience (49%) emphasizing that proven professional expertise is one of the most important characteristics companies are looking for searching in a cybersecurity practitioner.
The high cost in hiring these specialists is an obstacle for 48% of companies, and global competition, expressed through aggressive and competitive hiring practices by multiple organizations, bothers more than 41% of respondents. Figures like these show that, even if a company finally finds candidates who meet all the requirements, it doesn’t mean that they will work for that company, as in such a competitive environment, other organizations may headhunt them, so the hiring process could continue indefinitely.
‘Companies often spend a lot of time not only on the hiring process, but also on additional training for the team, in attempts to grow necessary specialists within the company, with the right knowledge and skills. This strategy is usually effective for large enterprises with significant budgets on Information Security and for organizations that have to comply with many local and industry-specific regulations. As for small and medium-sized businesses, it’s usually recommended to outsource cybersecurity tasks to managed service providers (MSP), managed security services providers (MSSP) and Managed Detection and Response (MDR) vendors because they help such companies close talent gaps in a short time and with minimum costs’, comments Ivan Vassunov, VP, Corporate products, Kaspersky.
