The Cyber Security Skills Gap is Getting Wider

For any ​cyber security specialist who’s due a pay review, recently published threat reports make worthwhile reading. The latest annual roundup from FireEye confirms the Cyber Security Skills Gap as one of the biggest risks facing businesses. Specialists in this area are dubbed a “scarce resource” – and (assuming they know their stuff) are definitely worth hanging on to…

Here, we take a closer look at what’s driving this gap – and what this means for businesses, employees and anyone who’s thinking about topping up their cyber security credentials…

The skills gap: what are we talking about?

The research in question is the M-Trends 2018 report from FireEye subsidiary, Mandiant, based on the company’s investigations into targeted attack activity in the year up to October 2017.

The message is as follows: there’s a deficit in the availability of information security personnel – and this shortage is expected to get worse over the next five years. This assertion is drawn from Mandiant’s own engagements with organisations. It’s also supported by intel from the US National Institute for Cybersecurity Education (NICE) which reported that 285,000 cyber security roles went unfilled last year in the US alone.

Mandiant estimates that it takes 9-12 full-time employees to keep an enterprise-level cyber defense center manned around the clock. Especially for bigger companies, there’s a drive to adopt “a more proactive security posture” and develop their own capabilities in areas such as malware analysis, threat hunting, automation and threat intelligence. All of this drives the demand for more staff.

ESG’s annual global survey on the state of IT paints a similar picture. Based on data from North America and Western Europe, it shows that infosec comes top of the list of tech-related roles where businesses are experiencing a “problematic shortage” of skills.

The ESG data shows how the gap has been getting bigger over time. Back in 2014, 23% of respondents reported a problematic shortage in recruiting cyber security skills. By 2018, it was up to 51%.

Scroll to Top