Kaspersky study highlights lack of progress in cybersecurity upskilling
A recent study conducted by cybersecurity giant, Kaspersky, reveals that more than 70% of businesses spend over $100,000 each year on upskilling their cybersecurity teams. Despite this significant investment, the study suggests the desired outcomes are often not achieved.
The research indicates that the industry's fast pace makes it challenging for the educational market to keep updated. As a result, cybersecurity training frequently falls behind, with a noted absence of courses that cover new and emerging challenges in the sector. The study also finds that trainees often have little opportunity to practice what they learn, rendering some training sessions ineffectual.
Kaspersky's research delved into the global cybersecurity staff shortage, investigating why businesses experience this deficit and exploring avenues for improving skills among the existing workforce. A total of 43% of surveyed organisations spend between $100,000 and $200,000 annually on information security courses. Another 31% invest more than $200,000 each year on training programmes. The remaining 26% typically spend less than $100,000.
Interestingly, the study also revealed a strong individual commitment to skills improvement, with 39% of cybersecurity professionals willing to finance additional training courses independently. However, nearly half (49%) of respondents mentioned that the lack of courses catering to advanced and innovative areas of cybersecurity made it difficult to find relevant training. A further 47% commented that they forget much of what they learned due to a lack of opportunity to apply the new knowledge, rendering these courses futile. Also, 45% of practitioners pointed out that courses often require advanced prerequisites, such as coding or mathematics, which were not specified at the time of registration.
Veniamin Levtsov, VP, Center of Corporate Business Expertise at Kaspersky, explained, "With a constantly evolving threat landscape, businesses should continually improve the skills of their cybersecurity personnel… Developing high-profile specialists within the company and building internal expertise can be an effective strategy for organisations…" He also stressed the importance for organisations served by Managed Service Providers to maintain a high level of internal expertise.
To enhance cybersecurity teams, Kaspersky recommends organisations to invest in quality, practical cybersecurity courses for their staff. Using interactive simulators is a useful way to test employee capabilities and evaluate how they react under pressure in critical situations. The cybersecurity firm also encourages businesses to equip their InfoSec professionals with in-depth visibility into cyberthreats targeting their organization. According to Kaspersky, a rich and meaningful overview across the entire incident management cycle will enable them to identify potential cyber risks in time.
While the research raises concern about the current state of cybersecurity skills development, it also offers solutions to help businesses turn the situation around. By investing in quality training and adopting a more strategic approach, organisations can cultivate their cybersecurity talent, ensuring they are well-equipped to face the threat landscape of the future.