Study finds companies are mishandling cyber security recruitment

Recruiters wrong-footed as skills shortage mounts

Companies are sabotaging their cyber security efforts with a mixture of poor recruiting and training practices, warned a report from the Information Systems Security Association and tech advisory company the Enterprise Strategy Group today. 

The 2021 edition of the Life and Times of Cybersecurity Professionals report found the skills shortage in this sector is as bad as ever. Of the 489 cyber security professionals surveyed, 44% said it had worsened, while half said it was around the same over the past few years. 

The cyber security skills shortage is contributing to workplace stresses for cyber security professionals, who singled out an overwhelming workload as the third most stressful issue. Six in 10 reported an increasing workload on existing staff, with roughly the same number highlighting an effect on work/life balance, and just over a third reporting an unhealthy level of job-related stress. 

The top two stress factors were dealing with IT projects created with no security oversight and dealing with disinterested business managers. 

Companies having difficulty finding cyber security staff would ideally train the ones they have to make them more productive. This was a priority for 91% of cyber security professionals, who felt that failing to update their skills put them at a disadvantage when protecting their organizations. Yet six in 10 felt job requirements stop them from updating their skills. 

Related Resource

Don’t just educate: Create cyber-safe behaviour

Designing effective security awareness and training programmes

How to define effective security awareness and training programmesDownload now

The answer is to carve out more time for training in staff schedules, the report advised. 

The experience of recruits is a related problem. One in three respondents said their organizations were forced to hire and train junior employees rather than experienced candidates, as the latter were hard to find. 

Recruitment teams are a factor in the failure to hire experienced staff and often misstep when hiring cyber security pros, the report warned. There is no shortage of job offers, with recruiters soliciting 70% of respondents at least once per month. However, those recruiters often don't understand the sector, and the job offerings are poor. 

A lack of competitive compensation was a common complaint, which is a problem given it is the second-highest indicator of job satisfaction. Unrealistic job postings, such as demanding too much experience and too many certifications, were another common problem. This means new security postings often remain unfilled for weeks or months. 

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

How the right software can improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

UK's first government cyber strategy aims to bolster public sector defences
cyber security

UK's first government cyber strategy aims to bolster public sector defences

25 Jan 2022
IT Pro Podcast: Learning to live with risk
Sponsored

IT Pro Podcast: Learning to live with risk

25 Jan 2022
Russia's "politically motivated" REvil raid could be used as leverage, experts warn
ransomware

Russia's "politically motivated" REvil raid could be used as leverage, experts warn

17 Jan 2022
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp
phishing

Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp

21 Dec 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Sony pulls out of MWC 2022
Business operations

Sony pulls out of MWC 2022

14 Jan 2022
Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022