What is the financial impact of the IT security skills shortage?

Kaspersky Lab has released its 2016 Corporate IT Security Risks survey which found that large businesses with a small amount of full-time security experts pay almost three times more to recover from a cyberattack than those businesses with in-house expertise.

In March-April 2016, a survey about attitudes and experiences with cyber security was conducted of more than 4,000 company representatives in different industries and of various sizes. The findings show a general shortage in full-time security staff and expert talent availability which calls for the need for more specialists in the field.

The research shows that large businesses hiring outside help pay between $1.2M – $1.47M to recover from a cybersecurity incident, compared to those large businesses who have in-house skilled IT security experts to handle a crisis who pay between $100K – $500K. This is due to a significant amount of recovery costs going toward additional staff wages to hire external expert help – on average costing $14K for SMBs and $126K for enterprises.

srsrs_2016_eng_2-1024x450

Businesses, large and small, don’t have the full-time security expertise to properly handle an attack on their own. Only 15 percent of the employees in an IT department of a large company are dedicated to security. For example, in a large business that equals 39 specialists in a typical team of 220 experts managing all aspects of the infrastructure. For SMBs, there are only two security experts out of a team of 16 IT professionals. With an average of 315,000 malware threat detected on a daily basis, businesses need to reconsider proactively enhancing their security defenses.

Surprisingly, nearly half (48 percent) of businesses admit there is a talent shortage and a growing demand for more specialists (46 percent). Proactively hiring new staff to employ experts before an incident, rather than bringing them in to pick up the pieces, significantly lowers the average IT costs and helps better protect the business.

Specialist Expertise

Citing complexity of IT infrastructure, compliance requirements, and the overall desire to protect business assets, companies are willing to grow their security intelligence. In fact, for a third of businesses, the improvement of specialist security expertise is one of the top three drivers for an additional investment in IT Security.

srsrs_2016_eng_4

Overall, 68.5 percent of companies expect an increase in the number of full-time security experts, with 18.9 percent expecting a significant increase in headcount. Higher education is an important part of fulfilling such a demand, but this is also a call for a change within the security industry itself. One of the solutions is to aid universities with relevant experience.

Another very important long-term solution is to adapt R&D efforts towards the effective sharing of intelligence with corporate customers in the form of threat data feeds, security training, and services. A proper combination of security solutions and intelligence is what allows corporate security teams to spend less time and money on regular cybersecurity incidents and focus on strategic security development and advanced threats.

srsrs_2016_eng_3

“In this evolving industry the relationship with our customers already goes beyond the shipment of a technology or a product – to providing the skills and training necessary to identify on-going attacks,” said Veniamin Levtsov, vice president, enterprise business at Kaspersky Lab. “Sharing detailed research about attacks on other businesses, in the form of intelligence reports, is also necessary, along with actionable, machine-readable data about on-going threats. Solving the different challenges of threat prevention, detection, incident response and prediction requires a lot of flexibility and experience and we are dedicated to helping grow the security expert workforce around the world.”

Recently, Kaspersky Lab launched Talent Lab, an international competition for university students and young professionals to help them start their career in the field of IT Security. More information about the program can be found at Kaspersky Lab’s website.

The full survey report titled, “Lack of Security Talent: An Unexpected Threat to Corporate Cybersafety” is available at Kaspersky Lab’s website here.