November 5, 2024 By Mike Elgan 2 min read

The cybersecurity skills gap continues to widen, with serious consequences for organizations worldwide. According to IBM’s 2024 Cost Of A Data Breach Report, more than half of breached organizations now face severe security staffing shortages, a whopping 26.2% increase from the previous year.

And that’s expensive. This skills deficit adds an average of $1.76 million in additional breach costs.

The shortage spans both technical cybersecurity skills and adjacent competencies. Cloud security, threat intelligence analysis and incident response capabilities are in high demand. Equally crucial are skills in data analysis, risk management and compliance expertise.

Critical skills in short supply

According to cybersecurity experts, an incident response specialist is one of the most critical roles for reducing breach impacts. The IBM reports from 2020 and 2022 make it clear that the ability to quickly detect, contain and mitigate breaches can radically reduce costs, and this is still true today.

While a well-rounded security team with diverse skills remains the ideal scenario for most organizations, it remains elusive for many.

Cloud security expertise is also increasingly prized as more organizations migrate data to the cloud.

Strong coding skills for secure development and automation are also in short supply. Proficiency in security information and event management (SIEM) tools and threat-hunting techniques can significantly improve detection and response times.

While technical prowess is crucial, soft skills are also surprisingly important. The number one soft skill, of course, is communication. Cybersecurity pros need to be able to explain complicated security concepts, processes and threats to non-security technical people and non-technical people in the organization.

In incident response scenarios, staying calm under pressure and making sound decisions quickly can make the difference between a contained incident and a full-blown data breach. Problem-solving skills are also essential when teams encounter unfamiliar threats, requiring creative thinking to develop custom containment strategies.

Read the Cost of a Data Breach Report

Red flags in the hiring process

Organizations should be wary of certain traits when building security teams. Rigidity and an unwillingness to learn are major red flags in an industry where the threat landscape evolves constantly. Lone-wolf mentalities are also detrimental, as effective security requires collaboration across multiple disciplines.

Hiring people who can think critically, collaborate effectively and adapt quickly to changing circumstances is critical.

Closing the cybersecurity skills gap

Many organizations are taking a multi-pronged approach to combating the skills shortage. Common strategies include expanding internal training programs, encouraging certifications and partnering with universities to develop cybersecurity curricula.

Innovative companies are leveraging AI to augment their team’s capabilities, allowing human experts to focus on higher-value tasks.

“With the advent of Generative AI, we can provide less experienced staff with insights and recommendations, enabling them to make better decisions,” according to Sam Hector, Senior Strategy Leader at IBM Security. “AI is also enabling better management of complex security environments by identifying misconfigurations and vulnerabilities, either remediating them automatically or recommending how.”

And just as the cost of breaches that result from the skills gap can be measured in dollar terms, so can the savings resulting from AI tools. “Those with extensive use of AI [are] realizing average breach cost savings of $1.9 million,” according to Hector. “And those using AI extensively in prevention workflows specifically were able to save $2.2 million in breach costs on average.”

As the cybersecurity skills shortage persists, organizations must prioritize hiring and upskilling to build robust security teams. Companies can better position themselves to mitigate the costly impact of data breaches by focusing on a mix of technical prowess and essential soft skills. The investment in human capital today could save millions in potential breach costs tomorrow.

More from Data Protection

Router reality check: 86% of default passwords have never been changed

4 min read - Misconfigurations remain a popular compromise point — and routers are leading the way.According to recent survey data, 86% of respondents have never changed their router admin password, and 52% have never adjusted any factory settings. This puts attackers in the perfect position to compromise enterprise networks. Why put the time and effort into creating phishing emails and stealing staff data when supposedly secure devices can be accessed using "admin" and "password" as credentials?It's time for a router reality check.Rising router risksRouters…

Preparing for the future of data privacy

4 min read - The focus on data privacy started to quickly shift beyond compliance in recent years and is expected to move even faster in the near future. Not surprisingly, the Thomson Reuters Risk & Compliance Survey Report found that 82% of respondents cited data and cybersecurity concerns as their organization’s greatest risk. However, the majority of organizations noticed a recent shift: that their organization has been moving from compliance as a “check the box” task to a strategic function.With this evolution in…

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today