If your organization is struggling to keep cybersecurity professionals on staff, you are not alone. According to reports from the Information Systems Audit and Control Association (ISACA), the cybersecurity workforce is struggling to hire and retain qualified cybersecurity professionals1. Their latest survey report notes that sixty-three percent of respondents indicated that they have unfilled cybersecurity positions, up eight percentage points from last year. Sixty-two percent reported that the cybersecurity teams were understaffed, and one in five respondents asserted that it took takes over six months to find qualified cybersecurity candidates for open positions. Sixty percent of respondents indicated that they had difficulty retaining qualified cybersecurity professionals, and the top reasons for cybersecurity professionals leaving jobs included:
- Recruited by other companies (59%)
- Poor financial incentives in terms of salary or bonuses (48%)
- Limited promotion and development opportunities (47%)
- High work stress levels (45%)
- Lack of management support (34%)
Survey respondents noted the following skills gaps in today’s cybersecurity professionals are: soft skills (54%- [communication (57%), critical thinking (56%), problem solving (49%)]), cloud computing skills (52%), and security controls (34%). To address these skills gaps, respondents indicated that they are cross-training employees, decreasing enterprise university degree requirements, and are increasingly using contractors and consultants- up five percentage points from last year.
Addressing skills gaps and understaffing for cybersecurity positions may involve bringing in a managed service provider (MSP). An MSP is an outsourced third-party IT service company offering managed services to end users and organizations. MSPs are responsible for hosting and managing servers, specialized applications, and networks for their clients. MSPs typically manage clients’ IT infrastructure and/or end-user systems remotely and on a proactive basis under a subscription model.
Small and medium sized businesses (SMBs) are typical MSP clients, usually between 2-500 employees but most often between 20-100 employees. An MSP often covers many of these roles for SMBs in low-tech industries such as legal, financial, engineering, architecture, non-profit, government, manufacturers, and wineries. MSPs are on the pulse of current trends and innovations in IT, equipping them with the knowledge and insight to tackle issues in a rapidly developing IT landscape. Working with an MSP is often less expensive than hiring new talent, can reduce costly downtime, and is often paid for through predictable recurring monthly fees. Services can be structured to offer as little or as much support as a client desires.
1 ISACA, 2022, “State of the Cybersecurity Workforce: New ISACA Research Shows Highest Retention Difficulties in Years”