MCLEAN, Va.--(BUSINESS WIRE)--It’s no longer just chief information security officers that are feeling the heat of cyber threats. Boards and investors are also adding fuel to the fire. In a new survey of 250 senior IT decision makers, Booz Allen finds that nearly 3 in 4 respondents (74 percent) agree that investors are holding senior business leaders accountable for cyber incidents.
This new data reinforces an urgent and expensive challenge: many organizations do not have the cybersecurity staff in place to fully protect themselves from evolving threats and the associated fallout from serious cyber-attacks that affect IP and sensitive customer data and disrupt business. This trend may not end soon – 57 percent believe hiring top cyber talent will only become more difficult over the next five years.
This lack of talent is causing these organizations to make short-term staffing fixes to protect their business, often making the problem worse. Amid a recent barrage of cyber-attacks, most (83 percent) respondents have open cybersecurity positions to fill at their company, with 72 percent saying it is particularly challenging to identify and hire new, high-quality cyber defenders – like advanced threat hunters and malware reverse engineers.
“These findings are rooted in what Booz Allen has understood for quite some time – products alone won’t make organizations secure, tools are only effective when a skilled workforce is in place to use them,” said Booz Allen’s U.S. Commercial Lead, Bill Phelps. “The cyber talent gap has become an existential threat. Organizations will only find success through sustained investments in people like robust training and finding more effective ways to leverage scarce talent.”
Based on hundreds of engagements with government and commercial clients grappling with these challenges, Booz Allen offers five best practices to effectively and sustainably address the cyber talent gap:
- Take a multi-dimensional approach: Develop both cyber natives and novices, and establish well-defined career paths that allow vertical and horizontal movement so employees can learn in new contexts.
- Move the organization—and talent—out of reactive mode: Use automation tools to address routine cyber tasks so talent can prioritize more challenging cyber problems like advanced threat hunting.
- Reframe training approaches: Offering competitive compensation and benefits is table stakes. All employees must have time for diverse and experiential training like capture the flag games, purple teaming and other “live fire” type exercises.
- Look beyond certifications: Ensure recruiters are looking for soft skills to augment the traditional abilities of cyber defenders. Organizations should validate expertise through skills-based assessments.
- Use sourcing and industry partnerships strategically: Traditionally in IT, sourcing was used to reduce costs by contracting third parties to perform commoditized tasks. Security companies must use sourcing and partnerships to secure access to scarce premium skills. Outsourcing should be more about securing advanced capabilities than about reducing costs.
Other key survey findings include:
- In the short term, organizations are managing the talent gap by turning to tools and software (56 percent); training non-cyber employees (52 percent); and asking employees to work longer hours (45 percent).
- These short-term solutions can leave organizations exposed. Respondents worry that being short staffed will increase vulnerability to cybercrime and theft (40 percent); create high levels of stress among current staff (34 percent); and lead to high turnover due to burnout (29 percent).
- To stay competitive in the talent race, organizations are prioritizing incentives like more competitive compensation and benefits (54 percent) and investing in the latest cyber technologies (51 percent) over paying for additional education, training, and other forms of professional development. This approach does not address the talent shortage over the long haul.
Booz Allen and KRC Research conducted this national survey of 250 senior IT decision-makers from March 23 to April 4, 2018. For more information, visit BoozAllen.com/media-center.
About Booz Allen Hamilton
Booz Allen Hamilton (NYSE: BAH) has been at the forefront of strategy and technology for more than one hundred years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering, and innovation expertise.
With international headquarters in McLean, Virginia, the firm employs approximately 24,225 people globally, and had revenue of $5.80 billion for the 12 months ended March 31, 2017. To learn more, visit www.boozallen.com.