Cyber security professionals admit “knowledge gaps” have led to serious security blunders


Over 50% of practicing cyber security professionals have admitted to making mistakes early in their careers due to a lack of technical knowledge, new research suggests.

The study, conducted globally by Kaspersky, found that this percentage rose to nearly 60% in those with just two-to-five years of experience in cyber security. 

There were several areas in which cyber security professionals reported practical and theoretical knowledge to be missing, according to the study.

43% admitted that they failed to update software, 42% said that they were guilty of using weak and easily-guessed passwords, and 40% of surveyed staff claimed they had neglected to perform backups in a timely manner. 

All these mistakes, the professionals said, were made early on in their careers. In North America and the Asia-Pacific region, the use of outdated security measures was also cited as a common mistake made by cyber security experts at the beginning of their careers.

Kaspersky said the research highlights the importance of robust training for early-stage cyber security professionals, especially given that nearly two-thirds (64%) of all security incidents were due to human error.

Some cyber security workers “lack confidence”

Over the past two years, every organization has fallen victim to “at least one” cyber security incident as a result of underqualified or undertrained staff, according to Kaspersky. 

Undertrained staff take longer to get comfortable in their roles, with nearly half (46%) of all cyber security employees stating it took over a year for them to feel confident in their InfoSec positions.  

While 31% managed to get to grips with the job within one or two years, nearly 10% claimed it took them two or three years, and 6% said it took more than three. 

Company recruitment teams need to shoulder some of the blame as well, though, Kaspersky said. Over one-third (34%) of respondents said they had three or more failed interviews before being selected for an InfoSec role.

This points to knowledge gaps within companies as a whole, suggesting that many businesses don't know what to look for in a cyber security expert. 


Recent research from recruitment firm Hays found that over three-quarters (78%) of tech employers were willing to employ IT staff without the necessary qualifications in an attempt to mitigate the tech skills gap, with the intention of upskilling them in the future.

With current estimates putting the cyber security workforce shortfall at nearly 4 million, the skills deficit is placing significant strain on the task of mitigating cyber security risks.

“It’s no secret that formal training programs often struggle to keep up with industry developments, and that is especially true for the cybersecurity field,” said Marina Alekseeva, chief human resources officer at Kaspersky. 

“The fact that many employees in the market might have limited practical skills or gaps in their knowledge underlines the importance of a comprehensive onboarding process with a focus on peer learning and means companies must pay more attention to the upskilling of their employees,” she added.  

Kaspersky's study suggests a program of education that is flexible and adaptable to regularly changing InfoSec demands, while also encouraging the use of practical cyber security exercises and upskilling procedures.

George Fitzmaurice
Staff Writer

George Fitzmaurice is a staff writer at ITPro, ChannelPro, and CloudPro, with a particular interest in AI regulation, data legislation, and market development. After graduating from the University of Oxford with a degree in English Language and Literature, he undertook an internship at the New Statesman before starting at ITPro. Outside of the office, George is both an aspiring musician and an avid reader.