Only 10% of companies have increased their cybersecurity hiring efforts

Cybersecurity teams are critical to the overall success of organizations, and yet companies are failing to recruit cyber talent at the same rate they need them. 

Nearly 20% of companies say a lack of qualified talent is a key challenge to overcoming cyberattacks, according to research from IT service management company VikingCloud, yet 32% said that even if they found the right person, they don’t have the budget to hire more staff. As a result, only 10% of companies have increased cyber hiring in the past 12 months, and it’s putting entire organizations at risk. 

“Cyber teams are not being supported with technology that enables them to do their jobs effectively,” says Kevin Pierce, chief product officer at VikingCloud. “And the threat landscape is far larger than companies realize.”

Read more: Only 20% of IT workers are consulted for tech-based decisions

Forty-nine percent of companies surveyed by VikingCloud reported an increase in frequency of cyberattacks and 43% in severity, with 55% of cyber departments even believing that modern cybercriminals are more advanced than their internal team. But in addition to limited hiring budgets, 35% of companies also don’t have the budget for new technology to better support them. 

“The workforce shortage is creating a cascading impact on the rest of the team,” Pierce says. “The burnout also means less effective workers, higher working attrition rates, and fewer candidates willing to come into such a stressful work environment. It is a vicious circle that the industry needs to fix.”  

Thirty-three percent of companies end up late to respond to cyberattacks because more than half of cybersecurity teams are spending four or more hours per week — approximately 208 hours a year — dealing with false positives. And when they do manage to finally address an issue, 40% of cyber teams, 13% of C-level IT leaders and 57% of managers choose not to report certain cyber incidents out of fear of losing their jobs.

A likely cause of the underreporting is that the same staff members tasked with setting up security controls may be the same ones designated to report the cyber incidents up the chain of command, according to Pierce. But due to the persisting lack of talent, those staff members are overwhelmed and overworked. Technology can help fix this.

Read more: 10 best cities for cybersecurity talent

“Despite the significant time and effort cyber teams put in daily, cyber incidents are still slipping through the cracks,” Pierce says. “Technology could be a key enabler in helping them alleviate the impacts of the current talent shortage.”

Thankfully, 63% of companies surveyed by VikingCloud are already looking to adopt technology like Generative AI in the next 12 months that helps solve things like threat simulation, security patching and automating security information. In addition, organizations could also help cyber teams address cultural issues, reward team members for flagging cyber incidents before they become disruptive and outsource oversight and reporting roles. 

“Employers should be proactive in engaging with their cyber teams to understand where their main pain points lie — and where tech can fill these gaps,” Pierce says. “Because with the right tech support, cyber teams could have an easier job sourcing candidates in the long run.”