06/14/2021 | News release | Distributed by Public on 06/14/2021 08:29
2021 is the unofficial 10-year anniversary of the cybersecurity skills gap. One of the earliest mentions of the shortage of cybersecurity professionals came from ESG Analyst Jon Oltsik in 2011. Though we've had a decade to solve this problem, the gap has only gotten worse.
The 2020 (ISC)² Cybersecurity Workforce Study estimates the cybersecurity workforce gap worldwide to be 3.1 million, with the U.S. facing a deficit of 359,000 workers. According to (ISC)², 'employment in the field needs to grow by approximately 41% in the U.S., and 89% worldwide, to meet the anticipated demand.' The study also found that these cybersecurity shortages are taking a toll on companies' cybersecurity postures. More than half of the study's 3,790 respondents say they believe cybersecurity staff shortages are putting their organizations at risk.
CISOs in High Demand
The skills shortage is a pervasive problem at every cybersecurity job level, including chief information security officers (CISOs). Wall Street Journal Reporter Kim Nash does a nice job detailing why CISOs are so hard to come by in her article, 'Talent Shortage Makes CISOs a Hot Commodity.' She notes companies' varying expectations for job requirements and experience levels as several factors contributing to the limited number of candidates.
Of course, the lack of CISOs in the market is a problem affecting organizations of all sizes-but it's becoming especially troublesome for mid-market and large organizations. In fact, in her article, Nash notes, 'sitting CISOs at large U.S. companies are in great demand.'
The CISO shortage isn't the only thing getting worse. The cybersecurity landscape is too. Between the ransomware epidemic, attacks on critical infrastructure, and the surge of phishing and other social engineering threats (as a result of the COVID-19 pandemic and the associated work-from-home push), the cybersecurity landscape has never been scarier. This reality leaves many companies struggling to defend against this sophisticated threat landscape without the right security leadership in place.
Bridging the Gap with Virtual CISO Services
Outsourcing has emerged as a common and effective way to overcome the skills gap across verticals, and the same holds true for the cybersecurity industry. Remember ESG Analyst Jon Oltsik? He's still tracking the cybersecurity skills shortage. In this blog post, he notes that ESG's 2020 Technology Spending Intentions Survey found that 'of those organizations that have a problematic shortage of cybersecurity skills, 73% will increase usage of third-party services to help them dig their way out of this personnel hole.'
Outsourcing is an easier and more affordable way for mid-market companies to fill their vacant CISO position. So much so, in fact, that virtual CISO (vCISO) services offered by managed service providers (MSPs) are becoming more mainstream. At a high level, vCISO services provide companies with the security leadership skills they need to assess risk, develop a security strategy to mitigate identified risks, maintain governance, and, overall, defend against today's complex threats.
Here are five reasons why vCISO services can be so impactful in the quest to bridge the cybersecurity skills gap:
Navisite's vCISO Service Delivers
Navisite's vCISO Service provides all of the benefits above and so much more. Aligned with the Center for Internet Security's Critical Security Control Framework, our vCISO Service is designed to remove the skills, resources and budget constraints that often prohibit companies from developing and maintaining a strong cybersecurity strategy. Our cybersecurity team has gained a unique skill set from years of experience helping companies of all sizes develop and implement cybersecurity frameworks. We'll work alongside your team to:
At Navisite, we know there is no 'one size fits all' security solution. Not only does our vCISO service rectify the cybersecurity skills and technical gaps within mid-market organizations, but it's right-sized for each customer-meaning, we'll meet you wherever you are on your security journey. To learn more about Navisite's vCISO service, check out our data sheet. To find out how our vCISO Service can help you enhance your cybersecurity program, contact us today.