Unfilled IT positions are a cybersecurity risk, according to a new report from cybersecurity provider Fortinet. But more than half of the organizations surveyed struggle to recruit and retain talent.
More than two thirds (68%) of organizations face additional risks because of a shortage of people with cybersecurity skills. That percentage was 1% higher than in 2021.
Fifty-six percent of organizations “struggle to recruit” and 54% struggle to retain talent. The results were 60% and 52%, respectively, in 2021.
The hardest roles to fill are cloud security and security operations, researchers said.
Other conclusions from the cybersecurity report:
- Breaches are more frequent and more costly. The firm said that 84% of organizations had one or more breaches during the past year, an increase from 80% in 2021. Twenty-nine percent had five or more intrusions, as compared to 19% in 2021. The survey found that 48% had breaches during the past year that cost more than $1 million to remediate, an increase from 38% in 2021.
- Boards of directors are focused on cybersecurity. Ninety-three percent of respondents said boards ask about cybersecurity, up from 88% in 2021. Last year, 83% of boards suggested adding IT security people, compared to 76% in 2021.
- Certifications are sought as proof of cybersecurity knowledge and skills. Nine in ten “leaders” want to hire people with technology-focused certifications, compared to 81% in 2021. Ninety percent said they would pay for an employee to get a cyber security certification and 72% say that hiring certified people has increased security awareness.
- Diverse talent can help close the skills gap but isn’t always easy to find. About 40% of companies have difficulty finding qualified candidates who are women, military veterans or from minority backgrounds. Eighty-three of organizations have near-term diversity hiring goals. This is down from 89% in 2021.