A lack of cyber security skills around the world could be leaving many businesses vulnerable to hacking attacks, as they do not possess the expertise needed to counter criminal activity.
This is among the findings of a new report from ISC2, which revealed that worldwide, there is a shortage of almost three million cyber security experts.
Almost two-thirds of enterprises (62 per cent) said they have a shortage of IT workers dedicated to cyber security, while 59 per cent said their companies are at moderate or extreme risk of cyber attack as a direct result of this.
Another consequence of this skills gap is that many IT staff who do not have formal training in this area are expected to take responsibility for securing critical assets, with staff spending at least a quarter of their time on this area. This is an issue that affects firms of all sizes, from large enterprises to the smallest businesses.
The difficulties in finding qualified cyber security specialists may therefore be leading many companies to upskill their existing workforce in order to close this gap. Indeed, more than half of all respondents globally (54 per cent) are either pursuing cyber security certifications or plan to within the next year.
ISC2's research identified four key areas in which cyber security professionals feel they will need to develop and improve their skills over the next few years in order to counter the latest threats and advance their careers.
These are cloud computing security, penetration testing, threat intelligence analysis, and forensics.
However, the study also highlighted several challenges that may be preventing cyber security staff from improving their skills. The biggest issues are a lack of clear career paths for these professionals, cited by 34 per cent of respondents, a lack of knowledge of cybersecurity skills within their organisation (32 per cent) and the cost of education to prepare for a cybersecurity career (28 per cent).
The study also revealed that cyber security professionals are getting younger, with 35 per cent now identified as millennials, compared with 20 per cent in previous studies. While cyber security is still a male-dominated field, almost a quarter of professionals (24 per cent) are now female, compared with just 11 per cent in previous years.