Cybersecurity positions are going unfilled, and so businesses may not be able to keep up with the growing rate of attacks.
And vacant cybersecurity positions are associated with increased security risks, according to a study by Dr. Chenxi Wang on behalf of research and staffing firm CyberSN.
The study found:
- Internal organizational processes significantly lengthen the time to hire qualified cyber professionals.
- Low compensation offers cause potential hires to turn down offers.
- Organizations do not engage appropriate recruiting channels to yield positive outcomes.
These hiring challenges increase business risk and ultimately contribute to the data breaches that have become common place today, said CyberSN CEO Deidre Diamond. “The cyber security talent shortage is not an excuse for unfilled positions," the firm said on its blog, and poor hiring practices are causing unnecessary stress and productivity breakdown.
A survey of over 50 hiring organizations revealed that a lack of real-time cybersecurity salary data results in rejected offers and delayed hiring processes.
Other findings included:
- Cybersecurity positions remain open for an average of six months before the company engages with an external recruiting firm.
- Hiring managers tend to use personal networks and social media rather than traditional HR recruiting channels.
- Despite regular salary reviews and adjustments, companies still have a difficult time meeting cybersecurity industry demands.
"Poor talent retention rates are getting even worse because open positions mean teammates are overworked,” Diamond said. “By the time an open position is filled it's too late; another person on the team is now leaving.”
The drain could have long-term implications, increasing the chance of companies being ill-prepared for inevitable attacks. They are certainly coming with greater frequency and if there is not enough staff on hand, the damage could be scorching.