Staff Shortages Cause CSOs Sleepless Nights
According to a Kaspersky study, IT security vacancies remain unfilled for over six months in half of all companies.
According to a study by Kaspersky, half (49 percent) of the companies surveyed in Europe need more than six months to fill vacancies in the area of cyber security. The most frequently cited reason: applicants’ practical skills do not match their training on paper (57 percent). Accordingly, three out of ten companies (31%) in Europe state that their cyber security team is understaffed.
For half of the companies, it takes more than six months to fill vacancies. While it is still easiest to find suitable staff for junior positions – 36% of companies in Europe do so within one to three months – the staff shortage is particularly evident for positions with a high qualification profile: 31% need six to nine months to fill them, a quarter (26%) even need more than a year.
Various obstacles
When asked about the reasons for vacancies, a lack of practical skills on the part of candidates despite certified qualifications was cited most frequently (57%). High personnel costs also make it difficult for over half (52%) to fill vacancies. Other common barriers to employment are a lack of experience and rapid technological change (42% each) as well as background checks (39%).
The study identifies these five points as additional barriers to recruitment:
1. time constraints (short-term needs): 33 percent
2. global competition for skilled workers: 30 percent
3. rapidly evolving threat landscape: 28 percent
4. cultural fit: 27 percent
5. niche requirements: 23 percent
“In order to equip employees with the knowledge and skills they need, companies not only invest a lot of time in recruiting, but also in additional training for the team as a whole,” comments Waldemar Bergstreiser, General Manager Central Europe at Kaspersky. “This is especially true for large companies and organizations that have the necessary resources and need to comply with numerous local standards and regulations. Small and medium-sized companies, on the other hand, are well advised to outsource their cyber security to managed security service providers (MSSP) in order to be able to close staffing gaps quickly and without losses.”