Companies rethinking degree requirements for entry-level cybersecurity jobs

While the threat landscape is evolving for most on the front lines, little has changed in recent years, according to ISACA.

The research finds that of the cybersecurity professionals who said they were experiencing an increase or decrease in cybersecurity attacks as compared to a year ago, 52% say they are experiencing more cyberattacks.

Cybersecurity skills gap threatens businesses

Though businesses recognize the increased threat, less than one in ten (8%) of the organizations who complete cyber risk assessments do these monthly while two in five (40%) conduct them annually. The failure to regularly assess cyber risk leaves organizations vulnerable to attacks and increases the risk of breaches going undetected for prolonged periods.

A lack of human resources prevents businesses from measuring and testing their cyber defenses regularly enough. 62% of respondents report that their cybersecurity team is understaffed. Of those organizations with unfilled cybersecurity roles, 39% want to fill entry-level positions that do not require experience, university degree, or credentials.

Typically, 44% of organizations state that they require a university degree to fill entry-level cybersecurity positions when they have them.

“Our findings show that businesses are still struggling to find the right people with the right skills to manage cybersecurity. With cyberattacks on the rise, if we do not solve these challenges and address the gaps, businesses, ecosystems of supply chains and public sector bodies could be at threat from a lack of vital protection, detection, response and recovery,” said Chris Dimitriadis, Global Chief Strategy Officer at ISACA.

“Businesses do not exist in isolation from their customers or the other organizations within their network, and a cyberattack on one part of the ecosystem can have consequences for everyone else. This is why holistic training is needed towards creating a safer world,” added Dimitriadis.

Building cybersecurity resilience by investing in talent and training

There are some simple steps businesses can take to tackle the cyber skills gap and improve their cyber resilience. Of those who are already making headway, 50% of the organizations surveyed are upskilling non-security staff, 46% are increasing the use of contractors or external consultants, and 27% are adopting reskilling programmes.

Cybersecurity professionals believe that hands-on experience in a cybersecurity role (97%), credentials held (88%), and completion of hands-on cybersecurity training courses (83%) are very or somewhat important when determining if a cybersecurity candidate is qualified.

Chris Cooper, member of ISACA’s Emerging Trends Working Group, said: “If businesses are to maintain their cyber resilience in an ever-evolving threat climate, we must encourage and nurture talent in the cybersecurity industry. Employers are looking for people who already have hands-on experience, but we will only enable people to build that experience by creating more entry-level roles and investing in the right training and development for everyone in the industry, from the ground up.”