In a study conducted by the ESG (Enterprise Strategy Group), over 50 percent of the companies surveyed worldwide stated that this problem was having an impact on their business. But how can companies tackle this skills shortage? Corporate learning specialist Skillsoft has put together five measures.

Communicating management requirements

According to the report "Benchmarking Workforce Capacity an Response to Cyber Risk" by Frost & Sullivan, one of the main obstacles to the development of more IT security skills in companies is the lack of understanding of the requirements and the necessary qualifications among management. More than 42 percent of respondents worldwide and 41 percent of European study participants named this factor as the second most important obstacle, right after hard-to-find specialists. Therefore, one of the first steps for security initiatives should be to convince management with meaningful information and facts.

Build up qualifications and show prospects

The lack of qualified specialists is not only cited as the number one problem in the above-mentioned report. Further training measures to close the skills gaps are therefore a logical alternative or supplement to the search for IT security experts. This approach can be applied both to the search for candidates and to existing staff.

The (ISC)² survey showed, for example, that 48 percent of IT employees are interested in IT security. It is therefore advisable to check what prior knowledge and skills employees and applicants have that could possibly be expanded with a manageable amount of additional qualifications. Today, further training and certification courses are also available in digital formats that can be integrated into everyday working life regardless of time and location. It is also important to show candidates the career opportunities for IT security experts, as a lack of information about these prospects was cited as an obstacle by 31 percent of companies in the Frost & Sullivan study.

Relieve and retain skilled workers

The shortage of skilled workers also increases the risk of losing key employees. On the one hand, they are highly sought after, but on the other hand, their workload is often increasing due to growing stress and resource pressure. In many companies, just a few IT experts have to perform more and more tasks. Updating security updates or securely onboarding devices and components in increasingly complex IT environments alone is a never-ending Sisyphean task.

Building up the qualifications of more employees can help to relieve the pressure on existing experts and keep them in the company. Another starting point is the modernization of infrastructure and processes. Here it is worth checking whether it is worth switching to (partially) automated solutions that implement routine tasks such as security updates without manual effort.

Providing for the future

Forward-thinking companies are also already thinking about the next generation of potential candidates. A connection to educational institutions can contribute to the recruitment base in several ways. On the one hand, it offers the opportunity to interest talented people who are already undergoing relevant training in your company. On the other hand, it also allows you to advertise the job profile you are looking for.

Even tech-savvy millennials are rarely aware of their career opportunities in IT security. According to a recent study by the Enterprise Strategy Group (ECS), only 9 percent of respondents were interested in pursuing a career in this field. At the same time, however, 65 percent of millennials stated that they rate on-the-job training and mentoring programs as very positive. This shows that appropriate development programs for careers in IT security are a good way to increase the skills pool for the future.

Sensitization of all employees

Another key aspect for IT security in companies is raising awareness and increasing the technology awareness of all employees. Security breaches often occur due to a lack of understanding and the resulting negligent handling of security aspects. Verizon's Data Breach Investigation Report, for example, shows that 81% of the hacker attacks investigated in 2017 were due to stolen or weak passwords.

The progressive opening up of company systems and the spread of the Internet of Things (IoT) with countless end devices further expands the attack surface of every company. Regular short training sessions for the entire workforce are a must in order to explain topics such as password security or phishing and to convey responsibility with regard to the security of company and customer data.

In order to convey the content effectively and achieve a lasting learning effect, it must be up-to-date, relevant and as appealing as possible. Short "learning snacks" - keyword micro learning - for individual topics with current practical relevance are much easier to process, especially for non-specialist employees, than hour-long training courses that are intended to cover a wide range of topics in one session.

In conclusion, taking a more holistic approach with a broader view of the workforce, developing new candidate pools, raising awareness and training a wider workforce can help organizations close skills gaps and ensure they continue to protect their data and intellectual property in our increasingly digital world.