Information security body highlights skills shortage

25 Feb, 2013

(ISC)2 claims shortage of information security professionals is causing an economic ripple across the globe.

A lack of trained information security professionals is causing problems for both organisations and their customers, leading to more frequent and costly data breaches, according to research carried out by professional body (ISC)2.

The not-for-profit organisation spoke to over 12,000 people working in the information security space for its sixth annual Global Information Security Workforce Study (GISWS).

It found that, while attacks were growing in number and have a greater potential impact on the organisation, 56 per cent of respondents felt their security organisations are short-staffed.

Richard Nealon, a director at (ISC)2, told IT Pro: “We see a profile of attack that seems to be growing and what the motivation is for that is many and varied, but organisations are under an amount of threat that we as information security professionals have to be capable of reacting to.”

However, the intensity and complexity of the attacks are increasing Nealon claims.

“Information security professionals do not feel we are as able to react to the attacks in the same way we were a year ago, so we find ourselves less comfortable in being able to manage those attacks,” he said.

Nealon said the reason for the shortage is threefold: the ‘aging population’ of security professionals, the increasing number and complexity of attacks, and the lack of new recruits to the industry.

“The average experience of an information security professional in the UK is 12.5 years and our average age is 43 – and it is getting worse every year,” said Nealon.

“We need more people coming in to meet the demands we are facing at the moment, but we are not actually getting new young [people through] into the profession.

"New recruits are in a ‘Catch-22’ situation, where it is hard to get into the profession without experience, but it is hard to get experience without being in the industry.

"Secondly, we are not seen as an exciting business to be in, but that is because people do not really know what we do. So we need to promote the profession as a good place in which to work,” he said.

The full 2013 report and archived reports are available from the (ISC)2website.