Security Skills Gap Continues to Stymie Enterprise Cyber-Defenses | eWeek

Security Skills Gap Continues to Stymie Enterprise Cyber-Defenses

Security Hiring B
Écrit par
Robert Lemos
Robert Lemos
Nov 2, 2014
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Companies will spend marginally more money on technology and staff to defend their IT systems and data in 2015, but they continue to have problems hiring knowledgeable security professionals, according to a survey conducted by business-services firm Ernst & Young.

About 52 percent of the more than 1,800 organizations surveyed expect security budgets to increase, compared to 43 percent whose budgets will remain unchanged. More than half of firms identified the lack of skilled professionals as a major reason for their inability to bolster system security, according to the survey.

“Good resources are scarce and you have to find new ways to provide needed security services,” Chip Tsantes, chief technology officer of the cyber-security practice at Ernst & Young, told eWEEK. “You have to be more creative to find the skills that you need.”

The lack of information-security professionals has been a common theme over the past five years. More recently, government hiring and the increase in the number of devices added to networks requiring security support has led to a continue shortfall in skilled security people, which Cisco estimates at 1 million workers worldwide.

The lack of adequate staff undermines a variety of security efforts, according to the survey. About a third of companies do not have the capability to assess threats in real-time; only 13 percent of firms believe they are meeting their information-security needs; and between a third and 45 percent of organizations gave themselves poor grades in a variety of cyber-security areas.

Companies without adequate staff need to prioritize efforts and focus on technologies and processes that give them better visibility into threats and their current risks, Tsantes said.

“You can’t monitor everything, and that means you must make sure that you are focused on the most critical assets,” he said. “Security teams need to direct the business to protect those assets and focus their efforts.”

As in past years, companies flagged employees as the most likely source of threats to their information, but this year businesses identified a variety of external threats—such as criminal syndicates and hacktivists—as the most probable threats.

The survey found that 57 percent of respondents identified employees as a threat source, but criminals (53%), hacktivists (46%) and lone-wolf hackers (41%) were all deemed more likely a threat than the next highest internal actor, contractors.

To develop employees into a security asset rather than a vulnerability to be exploited, companies frequently train and focus on education. However, businesses should also track their employees’ security awareness, according to the report.

While 55 percent of companies do not rate their employees’ security knowledge on performance evaluations, establishing workers as a potential line of defense should be priority for companies.

“If employees understood that their own job security was under threat because the security of the organization was under threat, and that cyber-security was a performance metric, this could encourage a permanent change in awareness and behavior,” the Ernst & Young report concluded.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.