3 in 5 firms struggle with shortage of cybersecurity pros

More than 40% of companies worldwide are facing a shortfall of qualified cybersecurity professionals, and mostly among malware analysts and information security (InfoSec) researchers, according to recent Kaspersky study.

Findings show that as the frequency and complexity of attacks increase, and the demand for InfoSec professionals in business grows, the number of practitioners meeting a company’s requirements for skills and level of expertise is declining. 

Kaspersky’s research, dubbed “The portrait of modern Information Security professional,” involved a survey of 1,012 InfoSec professionals from the Asia-Pacific (APAC), Europe, and the META (Middle East, Turkiye and Africa) region as well as North and South America.

The study found that 41% of the companies polled describe their cybersecurity teams as “somewhat” or “significantly understaffed.” Russia reported the largest cybersecurity staff shortage, followed by Latin America, APAC and META.

Overall, the respondents said the most understaffed roles are InfoSec research and malware analysis with more than 40% of companies named them the hardest to fill in. The increased demand for these positions was reported by Europe, Russia and Latin America.

Security Operations Center (SOC), security assessment and network security professionals are slightly less understaffed at 35% and 33% respectively. The shortage of SOC experts was particularly noticeable in APAC, while the shortage of Security assessment and network security analysts is mainly a concern in META.

Looking at cybersecurity needs across industries, the government sector reported the highest demand for cybersecurity practitioners, and admitted that nearly half (46%) of the InfoSec roles it required remain unfilled. 

The telecom and media sectors are understaffed by 39% followed by retail and wholesale, and healthcare with 37% of its roles remaining vacant.

Industries that had the fewest InfoSec vacancies are IT (31%) and financial services (27%), but the figures still hovered close to one third.

Vladimir Dashchenko, security evangelist at Kaspersky, said that in order to reduce the shortage of qualified InfoSec professionals, companies offer high salaries, better working conditions and bonus packages, while also investing in up-to-date training with the latest knowledge. 

However, the research results show that these measures are not always enough. 

“The growth rate of the domestic IT market in some developing regions is changing so rapidly, the labour market cannot manage to educate and train the appropriate specialists with the necessary skills and expertise in such tight deadlines,” said Dashchenko.

“On the contrary, regions with developed economies and matured businesses do not report such an acute shortfall of InfoSec professionals as their rates are below market average,” he added.