Cybersecurity skills gap is giving threat actors an advantage, research says

28 Jun 2019

Nearly half of cybersecurity professionals feel that cybercriminals are starting to outskill them, according to research from Symantec.

Research commissioned by cybersecurity firm Symantec has found that the emerging skills gap in the industry could be giving threat actors an edge.

Symantec, in partnership with Dr Chris Brauer and his team at Goldsmiths, University of London, surveyed more than 3,000 professionals working in cybersecurity in France, Germany and the UK.

The survey found that 44pc of cybersecurity professionals feel their teams lack the necessary skills to combat the threats their organisations face, and more than a third (37pc) reported that their teams cannot deal with the scale of the current workload.

Those two facts are interconnected, according to surveyed professionals – 46pc of cybersecurity professionals said they are too busy to keep up with necessary skill development. The breathless pace of technological change has proved too fast for teams to adapt, 45pc of people said. Almost half (48pc) said attackers now have “unprecedented” resources from state-sponsored hackers and organised crime.

“Cybersecurity professionals are first responders, locked into a constant arms race with attackers, where talent and skill are the most important weapons,” commented Brauer, director of innovation at Goldsmiths, University of London. “The vast majority find this battle of wits an exciting and deeply intellectual challenge. But this demanding work comes with high stakes and is fought at a frenetic pace with little support. Add to this the relentless volume of alerts and more mundane tasks, and the job can quickly turn toxic.

“Highly stressed workers are far more likely to be disengaged and ultimately quit. In an industry already plagued by a skills shortage, this is a significant risk to businesses.”

Taking its toll

As a result of the strain being put on these already limited teams, mistakes get made. Cybersecurity professionals admitted that they find themselves underestimating what is needed to deal with threats (78pc), rushing to assess threats (77pc), and shouldering guilt and a sense of responsibility (69pc) for incidents they feel could have been avoided.

Darren Thomson, EMEA chief technology officer at Symantec, doesn’t think this is an issue that businesses can recruit their way out of. “The cybersecurity landscape has changed dramatically since today’s CISOs entered the industry. With thousands of threat events happening every second and the complexity of the IT estate growing exponentially, simply keeping pace is a challenge.

“Defensive strategies need to change. Machine augmentation is mission-critical, but security leaders must ensure that these tools don’t become part of the problem. Taking steps to reduce the complexity of cybersecurity, use of cloud-delivered security, increased automation and smart use of managed services can all help to reduce overload and improve retention.”

You can view the full ‘High Alert’ report here.

Eva Short was a journalist at Silicon Republic