A study from Spiceworks found that even though 80 percent of organizations experienced a "security incident" in 2015, only 29 percent of companies have a cybersecurity expert working in their IT department and only 7 percent have a cybersecurity expert on their executive team. And a majority -- 55 percent to be exact - said that their business didn't have "regular access" to any IT security experts at all, internal or third-party, with the majority of companies also reporting they had no plans to hire or contract one within the next year.
Those numbers are surprising when you consider that data from IBM found that the average total cost of a data breach hovers around $4 million, with a price tag of around $154 per lost or stolen confidential file. Those numbers should ignite a spark under any business leader -- suggesting that employing a cybersecurity expert will save you money down the line. But while 73 percent of CIOs and senior IT leaders saying they view cybersecurity as a priority in 2016, only 56 percent of CTOs, 54 percent of CEOs and 30 percent of CMOs feel the same way.
"With each new breach and cybercriminal attack, more companies are realizing they're vulnerable, too. However, the cybersecurity skills gap is making it even harder for companies to quickly address cybersecurity problems. Organizations should start putting their cybersecurity special forces together now to create processes around IT security and tackle external threats," says John Hodges, vice president of Product Strategy at AvePoint.
Waiting on the cybersecurity graduates
One problem with finding cybersecurity professionals is that it's a relatively new skill that requires higher education and certifications. That leaves a gap between the time when the workforce identifies a need for this skill and when potential candidates can actually complete a relevant degree, obtain certifications and gain training or experience, according to Hodges.
For businesses that can't find cybersecurity talent or who can't wait for candidates to graduate from security programs, it might make sense to hire a third-party service. That's especially true for smaller businesses that might not be able to compete against larger corporations in the hiring war for security professionals says Judson Van Allen, director of recruiting of Strategic Staffing Services at CTG.
Hiring a third-party security provider can help alleviate some of the load on IT and get your business through the dry spell of cybersecurity candidates. In a few years, once more workers enter the job market with the right qualifications, you can start building up an internal team with outside talent.
Sign up for Computerworld eNewsletters.