April 17, 2018
McLean, Va – It’s no longer just chief information security officers that are feeling the heat of cyber threats. Boards and investors are also adding fuel to the fire. In a new survey of 250 senior IT decision makers, Booz Allen finds that nearly 3 in 4 respondents (74 percent) agree that investors are holding senior executives accountable for cyber incidents.
This new data reinforces an alarming and expensive trend: many organizations do not have the cybersecurity staff in place to fully protect themselves from national threats and the associated fallout of intellectual property theft and other cyberattacks. And, this trend may not end soon – 57 percent believe hiring top cyber talent will only become more difficult over the next five years.
This lack of talent is causing these organizations to make short-term staffing fixes to protect their business, making the problem worse. Amid a recent barrage of cyber breaches, most (83 percent) respondents have open cybersecurity positions to fill at their company, with 72 percent saying it is particularly challenging to identify and hire new, high-quality cyber warriors – like threat hunters and reverse malware engineers.
“These findings are rooted in what Booz Allen has understood for quite some time – products alone don’t make organizations secure, it’s about the right talent fusing the best solutions,” said Booz Allen’s U.S. Commercial Lead, Bill Phelps. “The cyber talent gap has become an existential threat. Organizations will find success through honest investments in people like robust training and by partnering across industries.”
Based on hundreds of engagements with government and commercial clients grappling with these challenges, Booz Allen offers five best practices to effectively and sustainably address the cyber talent gap:
- Take a multi-dimensional approach: Introduce new talent to cyber through educational and non-traditional means (e.g., transitioning military), and equip existing employees with well-defined career paths that allow vertical and horizontal movement to gain differentiated experience.
- Move the organization—and talent—out of defense mode: Use automation tools to address routine cyber tasks so talent can prioritize more challenging cyber problems like threat hunting.
- Reframe training standards: Offering competitive compensation and benefits is table stakes to hire and retain the best talent. All employees, cyber and non-cyber, must be empowered to take time for diverse and experiential modes of training like Capture the Flag games.
- Look beyond certifications: Ensure recruiters are looking for soft skills to augment the traditional abilities of cyber warriors. Organizations should validate expertise through skills-based assessments.
- Don’t go it alone: Partner across government, industry, and academia to create continuing learning and growth opportunities. Organizations should find partners whose main focus and mission is to think like the adversary to build and introduce new, harder trainings to their team.
Other key survey findings include:
- In the short term, organizations are managing the talent gap by turning to tools and software (56 percent); training non-cyber employees (52 percent); and asking employees to work more (45 percent).
- These short-term solutions can leave organizations exposed. Respondents worry that being short-staffed will increase vulnerability to cybercrime and theft (40 percent); create high levels of stress among current staff (34 percent); and lead to high turnover due to burnout (29 percent).
- To stay competitive in the talent race, organizations are prioritizing incentives like more competitive compensation and benefits (54 percent) and investing in the latest cyber technologies (51 percent) over incentives like paying for additional education, training, and other forms of professional development.
Booz Allen and KRC Research conducted this national survey of 250 senior IT decision-makers from March 23 to April 4, 2018.