Companies Take 6 Months To Fill Cybersecurity Roles

A Kaspersky survey has found that 48 percent of companies globally require upwards of 6-months to find and appoint a qualified cybersecurity professional. In the Middle East, Turkiye, Africa (META) region, 46 percent of organisations gave the same feedback. A lack of proven experience was cited as one of the biggest challenges, along with the high cost of hiring and global competition in talent acquisition.

With global labour markets still clamouring for InfoSec professionals, the latest Kaspersky research has revealed that 41 percent of companies admit their cybersecurity teams are understaffed. This problem is also sensitive for the META region, where 43 percent of organisations claim to be understaffed.

‘The portrait of the modern Information Security professional’ survey sought to evaluate the current state of the labour market and analyse the exact reasons it lacks sufficient cybersecurity experts. The study also identifies the skills and characteristics companies are searching for when hiring staff¹.

Respondents say it takes more than 6-months to fill an average information security position. As expected, recruitment for senior level positions takes the longest, with 36 percent of companies saying it requires almost a year or more, while junior positions may be filled in the shortest time – one to three months, according to 42 percent of respondents.

In the META region, 47 percent say junior level positions are filled within three months, while recruiting senior staff takes 6-12 months, according to 50 percent of respondents. These figures are alarming since companies that operate for long periods of time without the necessary staff are at huge risk, as the absence of cybersecurity personnel provides cybercriminals ample opportunity to penetrate business infrastructure and damage business processes.

“Companies often spend a lot of time – and money – not only on the hiring process, but also on additional training for the team, in attempts to develop a diverse workforce within the company, with the right knowledge and skills. This strategy is effective for big companies and for organisations that have to comply with many local regulations and international standards of best practices. As for small and medium-sized businesses, it’s usually recommended to outsource cybersecurity tasks to managed security services providers (MSSP) because it helps them close talent gaps in a short time and with minimum loses,” comments Ivan Vassunov, VP, Corporate products, Kaspersky.

When asked about the biggest challenges in finding and hiring the ‘right’ InfoSec professional, majority of respondents cited a discrepancy between certification and real practical skills (52 percentglobally, 55% in META) and lack of experience (49 percent globally, 48 percent in META) emphasising that proven proficiencies is one of the most important criteria companies are looking for when searching for a cybersecurity practitioner.

The high cost in hiring these specialists is an obstacle for 48 percent of employers (51 percent in META), and global competition, expressed through aggressive and competitive hiring practices by multiple organisations, bothers more than 41 percent of respondents (50 percent in META). Figures like these show that, even if a company finally finds candidates who meet all the requirements, it doesn’t mean that they will work for that company, as in such a competitive environment, other organisations may headhunt them, so the hiring process could continue indefinitely.