Study finds companies are mishandling cyber security recruitment

Recruiters wrong-footed as skills shortage mounts

Companies are sabotaging their cyber security efforts with a mixture of poor recruiting and training practices, warned a report from the Information Systems Security Association and tech advisory company the Enterprise Strategy Group today. 

The 2021 edition of the Life and Times of Cybersecurity Professionals report found the skills shortage in this sector is as bad as ever. Of the 489 cyber security professionals surveyed, 44% said it had worsened, while half said it was around the same over the past few years. 

The cyber security skills shortage is contributing to workplace stresses for cyber security professionals, who singled out an overwhelming workload as the third most stressful issue. Six in 10 reported an increasing workload on existing staff, with roughly the same number highlighting an effect on work/life balance, and just over a third reporting an unhealthy level of job-related stress. 

The top two stress factors were dealing with IT projects created with no security oversight and dealing with disinterested business managers. 

Companies having difficulty finding cyber security staff would ideally train the ones they have to make them more productive. This was a priority for 91% of cyber security professionals, who felt that failing to update their skills put them at a disadvantage when protecting their organizations. Yet six in 10 felt job requirements stop them from updating their skills. 

Related Resource

Don’t just educate: Create cyber-safe behaviour

Designing effective security awareness and training programmes

How to define effective security awareness and training programmesDownload now

The answer is to carve out more time for training in staff schedules, the report advised. 

The experience of recruits is a related problem. One in three respondents said their organizations were forced to hire and train junior employees rather than experienced candidates, as the latter were hard to find. 

Recruitment teams are a factor in the failure to hire experienced staff and often misstep when hiring cyber security pros, the report warned. There is no shortage of job offers, with recruiters soliciting 70% of respondents at least once per month. However, those recruiters often don't understand the sector, and the job offerings are poor. 

A lack of competitive compensation was a common complaint, which is a problem given it is the second-highest indicator of job satisfaction. Unrealistic job postings, such as demanding too much experience and too many certifications, were another common problem. This means new security postings often remain unfilled for weeks or months. 

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Russia's "politically motivated" REvil raid could be used as leverage, experts warn
ransomware

Russia's "politically motivated" REvil raid could be used as leverage, experts warn

17 Jan 2022
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp
phishing

Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp

21 Dec 2021
Five things to consider before choosing an MFA solution
Security

Five things to consider before choosing an MFA solution

17 Dec 2021
Australia and US sign CLOUD Act data-sharing deal to support criminal investigations
cyber crime

Australia and US sign CLOUD Act data-sharing deal to support criminal investigations

16 Dec 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022
Synology DiskStation DS2422+ review: A cube of great capacity
network attached storage (NAS)

Synology DiskStation DS2422+ review: A cube of great capacity

10 Jan 2022