Over 40% of companies globally are struggling to fill critical cybersecurity roles, particularly in information security research and malware analysis, as highlighted by a recent report from Kaspersky. This shortage is particularly acute in Europe, Russia and Latin America.
Additionally, security operations center (SOC) and security assessment and network security roles are understaffed, with figures around 35% and 33%, respectively.
The scarcity of SOC experts is particularly evident in the Asia-Pacific region, while the shortage of security assessment and network security analysts is mainly observed in the Middle East, Turkey and Africa. Despite this, threat intelligence remains in high demand, with only 32% of vacancies reported.
The government sector leads in demand for cybersecurity practitioners, with nearly half (46%) of its required security roles remaining unfilled. The telecom and media sectors follow closely behind, with a 39% understaffing rate, while retail and wholesale, and healthcare sectors face a 37% vacancy rate. Even industries with relatively fewer vacancies, like IT (31%) and financial services (27%), are still dealing with substantial shortages.
Commenting on these figures, Vladimir Dashchenko, security evangelist at Kaspersky’s ICS CERT, stressed the urgency for innovative solutions to address the shortfall.
“To reduce the shortage of qualified InfoSec professionals, companies offer high salaries, better working conditions and bonus packages, while also investing in up-to-date training with the latest knowledge,” Dashchenko explained.
Nonetheless, the executive further noted that, while these measures are being increasingly implemented, the research underscores their insufficiency. The rapid evolution of the domestic IT market in certain developing regions outpaces the labor market’s ability to adequately educate and train specialists within the requisite timeframe and with the necessary skills and expertise.
Read more on cybersecurity training: #HowTo: Improve Your Company's Cybersecurity Training
“On the contrary, regions with developed economies and matured businesses do not report such an acute shortfall of InfoSec professionals as their rates are below market average,” Dashchenko added.
Addressing this issue requires a comprehensive approach, including recruitment efforts, training investments and technological solutions to strengthen cybersecurity resilience in the face of evolving threats.