The number of breaches are on the rise and they’re set to continue to rise due to an apparent shortage of experts trained in cybersecurity.
The Information Systems Security Association (ISSA) teamed-up with IT firm Enterprise Strategy Group (ESG) to produce a report on cybersecurity. Released one year after their first one, the report depicts a problem that is getting worse.
And we should all be very, very concerned about it…
Here are some of the key statistics from participating firms:
- 70% of the study participants indicated a shortage of cybersecurity expert creating a negative effect on the firm
- 62% admit that they are not providing enough data protection training for employees handling personal data. This figure has reportedly increased by 10% in the last 12 months
343 data security professionals were surveyed on their experience with cybersecurity. The results indicated as follows:
- 45% said their organisation experienced at least one security event in the past two years
- 91% believe their firm is vulnerable to an attack or a breach at some point. A worrying statistic that shows that the vast majority of firms do not have the cybersecurity technology – or the right people with the right skills – to prevent a data breach
- 31% blame a lack of data protection training for non-technical employees. Data protection is not just a responsibility for IT experts; all employees should have proper training and follow proper security protocols
- 22% blame breaches on a lack of data security professionals
- 20% blame management for not making cybersecurity a higher priority and failing to invest resources into it
Report author and ESG analyst, Jon Oltsik, addressed the worrying numbers: “The cybersecurity skills shortage represents an existential threat to our national security.” He explained that: “We are not making progress, cybersecurity professionals can’t scale, and the implications of the skills shortage are becoming more pervasive and ominous.”
Organisations appear to still not respect data security and the threat a breach poses. Without that respect, a firm may not prioritise cybersecurity and protecting personal data.
“It is clear that the solution must be about more than filling jobs. It is about creating an environment from the top down of cybersecurity,” adds Oltsik.