26 March 2024
Over 70% of businesses pay more than $100,000 for additional training annually to keep skills of their cybersecurity employees up to date, a recent Kaspersky study has revealed. However, the surveyed companies also highlighted that there was a lack of relevant courses covering new challenging spheres in the educational market, and stated that training does not always bring them the expected result.
In its recent study ‘The portrait of the modern Information Security professional,’ Kasperskyexamined the topic of the global cybersecurity staff shortage, analyzing the exact reasons businesses lack cybersecurity experts, and identifying the ways they evaluate and upskill their cybersecurity workforce.[1]
According to the research, companies are investing significant amounts in upskilling their cybersecurity teams: 43% of organizations say they usually spend between $100,000 and $200,000 per year on information security courses, while 31% even invest over $200,000 for training programs. The remaining 26% state they usually pay less than $100,000 for educational initiatives.[2]
Furthermore, the research also revealed that many cybersecurity professionals (39%) believe corporate training is not enough. In order to stay competitive in the market and keep knowledge and skills up to date they are willing to pay for additional training courses with their own money.
However, cybersecurity practitioners also note that the educational market is struggling to keep up with the rapidly-changing industry and fail to deliver the necessary training programs on time. The research shows that the scarcity of courses covering new challenging spheres (49%) was the main problem for those searching for cybersecurity training.
Forty-seven percent of respondents also stated that trainees tend to forget what they learned because they had no opportunity to apply newly-acquired knowledge, therefore the courses were useless to them. The need for special training pre-requisites such as coding and advanced mathematics, which were not specified at the pre-registration stage were also problematic for 45% of practitioners.
“With a constantly evolving threat landscape, businesses should continually improve the skills of their cybersecurity personnel in order to be well prepared for sophisticated cyberattacks. Developing high-profile specialists within the company and building internal expertise can be an effective strategy for organizations that aim to retain existing employees and allow them to grow professionally, instead of constantly hunting for new candidates and checking their professional backgrounds and practical skills. For organizations served by Managed Service Providers it is also important to maintain a pretty high level of expertise internally and use the same language when discussing the scope of services and Service Level Agreement with them,” comments Veniamin Levtsov, VP, Center of Corporate Business Expertise at Kaspersky.
To effectively upskill cybersecurity teams, Kaspersky experts recommend the following:
The full report with more findings on the global shortfall of qualified InfoSec professionals is available via the link.