Cybersecurity Pros Becomes More Important in Turbulent Economy

Upskilling Cybersecurity Pros Becomes Even More Important in Turbulent Economy

January 2, 2024 No Comments

New research from Omdia and Cybrary in “Myths of Training Cyber Professionals” underscores the importance of cybersecurity readiness in these increasingly uncertain economic times, and busts some long-held myths around training and key staff retention.

Experts note that companies are taken to task when deficiencies in their cybersecurity practices are exposed by a cybersecurity incident, and this accountability is likely to be amplified during times of economic turmoil.

“The benefits of professional training are seen in the impact the employee has on the organization, in the overall risk posture of the organization, and in the costs associated with finding and retaining highly skilled employees,” said Omdia senior analyst Curtis Franklin. “The key takeaway at this point is that global business executives have recognized the tangible benefits that come from continuing professional cybersecurity education and the significant added risks that come from a workforce composed of under-trained individuals that know nothing about Security Information and Event Management (SIEM).”

“While headcount is a growing concern with hiring freezes and reductions, the pressure security professionals face doesn’t stop or slow,” said Cybrary CEO Kevin Hanes.

Among key findings in the report and November 18, 2022 webinar are:

– 73% of respondents said their team’s cybersecurity performance was more efficient because of ongoing professional cybersecurity training (efficiency encompasses threat intelligence, compliance audit readiness, and secure asset inventory).

– 62% of respondents said that training improved their organization’s cybersecurity effectiveness (which encompasses decreases in the number of breach attempts and overall security events).

– 79% of respondents ranked professional cybersecurity training at the top or near the top of importance for the organization’s ability to prevent and rapidly remediate breaches and ensuing consequences such as reputational damage.

– 70% of companies reported a relationship between an incident and training, and fully two-thirds of respondents reported increased investments in ongoing cybersecurity training after a security incident.

– Large enterprises (15,000+ employees) are the least likely to delay upskilling until after an incident, indicating that companies with larger cybersecurity teams firmly understand the importance of ongoing professional training. In contrast, 67% of surveyed SMBs invested in cybersecurity training after a security incident, which served as a call to action.

– 53% invested in professional cybersecurity training due to a cybersecurity insurance audit.

– 48% of organizations agreed that cybersecurity training drives retention and decreases the likelihood that a cybersecurity professional will leave the organization that trains them, while 41% say that ongoing cybersecurity training has no significant impact on if a cybersecurity professional leaves.

Hanes noted “The Omdia research paints a clear picture of the rewards of organizations proactively investing in training and upskilling their security professionals. It codifies the fiscal and reputational paybacks in proactively improving cybersecurity defenses versus responding to attacks, and also codifies an often-underrecognized benefit of cybersecurity upskilling: helping the organization retain invaluable security talent despite market and organizational uncertainty.”