A report by Forrester Consulting in 2013 suggests that 86% of security leaders feel that their concern over their organisation’s ability to manage risk stems from staff-related issues.
Companies are increasingly finding it difficult to compete with criminal attacks because of staff shortages and a lack of experience. This report has revealed that 80% of security leaders believe that it is very difficult to find and hire technical security staff that fit all of their requirements. This would immediately suggest that the talent pool of IT security experts is increasingly inadequate to support the expanding market for IT security.
The report moves on to disclose that only 25% of security leaders say that technical staff members remain as part of their teams for three or more years. This again demonstrates the immense shortage of IT experts in the security market. It also confirms another statistic where (in a questionnaire where the top three responses were accepted) the main issues with recruiting technical security staff were due to competition with other firms (44%), poor staff quality (39%) and an insufficient number of applicants (39%). Clearly then IT security is a high demand and short supply market. This provides low barriers to entry for Managed Security Service Providers (MSSP or MSP), but are they the solution to the IT security problems for both mature and immature organisations?
It is clear that MSP’s provide excellent service to these organisations, with 90% of Chief Information Security Officer’s (CISO’s) reporting that the skill set of the MSP’s being as good as, or better than, internal resources. However, with these excellent credentials they can charge exorbitant fees to the organisations that can barely cover their own security costs. In addition, MSP’s would provide an attractive prospect to experienced IT security experts to expand their career prospects at successful companies. This ‘brain-drain’ of experience IT security specialists is only compounded by the decrease in university applications of computer-related courses. Indeed, in the UK, in 2012, there were only 3%, a decrease of 6.4% from the previous year. This truly does forecast a difficult time ahead for IT security in companies. Are there any solutions for these companies?
A sensible approach for CISO’s would be to invest in long-term contracts with MSPs’, allowing their own internal security staff to innovate and add value to the internal organisation. If you would like to find out about the Information Technology Security solutions provided at Transputec and get access to a security expert to discuss your requirements , please contact us for more details.
The statistics in this document were compiled from a Forrester Consulting Thought Leadership Paper Commissioned by IBM, entitled: "Surviving the Technical Security Crisis".