IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Study finds companies are mishandling cyber security recruitment

Recruiters wrong-footed as skills shortage mounts

Companies are sabotaging their cyber security efforts with a mixture of poor recruiting and training practices, warned a report from the Information Systems Security Association and tech advisory company the Enterprise Strategy Group today. 

The 2021 edition of the Life and Times of Cybersecurity Professionals report found the skills shortage in this sector is as bad as ever. Of the 489 cyber security professionals surveyed, 44% said it had worsened, while half said it was around the same over the past few years. 

The cyber security skills shortage is contributing to workplace stresses for cyber security professionals, who singled out an overwhelming workload as the third most stressful issue. Six in 10 reported an increasing workload on existing staff, with roughly the same number highlighting an effect on work/life balance, and just over a third reporting an unhealthy level of job-related stress. 

The top two stress factors were dealing with IT projects created with no security oversight and dealing with disinterested business managers. 

Companies having difficulty finding cyber security staff would ideally train the ones they have to make them more productive. This was a priority for 91% of cyber security professionals, who felt that failing to update their skills put them at a disadvantage when protecting their organizations. Yet six in 10 felt job requirements stop them from updating their skills. 

Related Resource

Don’t just educate: Create cyber-safe behaviour

Designing effective security awareness and training programmes

How to define effective security awareness and training programmesDownload now

The answer is to carve out more time for training in staff schedules, the report advised. 

The experience of recruits is a related problem. One in three respondents said their organizations were forced to hire and train junior employees rather than experienced candidates, as the latter were hard to find. 

Recruitment teams are a factor in the failure to hire experienced staff and often misstep when hiring cyber security pros, the report warned. There is no shortage of job offers, with recruiters soliciting 70% of respondents at least once per month. However, those recruiters often don't understand the sector, and the job offerings are poor. 

A lack of competitive compensation was a common complaint, which is a problem given it is the second-highest indicator of job satisfaction. Unrealistic job postings, such as demanding too much experience and too many certifications, were another common problem. This means new security postings often remain unfilled for weeks or months. 

Featured Resources

Join the 90% of enterprises accelerating to the cloud

Business transformation through digital modernisation

Free Download

Delivering on demand: Momentum builds toward flexible IT

A modern digital workplace strategy

Free download

Modernise the workforce experience

Actionable insights and an optimised experience for both IT and end users

Free Download

The digital workplace roadmap

A leader's guide to strategy and success

Free Download

Recommended

Best free malware removal tools 2022
Security

Best free malware removal tools 2022

22 Jun 2022
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022
What is shoulder surfing?
social engineering

What is shoulder surfing?

10 Jun 2022
CIAM buyer’s guide
Whitepaper

CIAM buyer’s guide

6 Jun 2022

Most Popular

Raspberry Pi launches next-gen Pico W microcontroller with networking support
Hardware

Raspberry Pi launches next-gen Pico W microcontroller with networking support

1 Jul 2022
Xerox CEO John Visentin dies unexpectedly aged 59
Careers & training

Xerox CEO John Visentin dies unexpectedly aged 59

30 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022