In a global study conducted by Kaspersky, it has been revealed that over 40% of companies are struggling to find qualified cybersecurity professionals, thereby heightening their risks. The research was conducted amongst 1,000 Information Security (Infosec) professionals, highlighting that 41% acknowledged their employer's understaffing within their cybersecurity departments. Most notably, roles such as Information Security researchers and malware analysts have been challenging to fill.

The study comes as cybercrime accelerates worldwide, with the demand for Infosec professionals in business growing in parallel. Despite this, companies continually find themselves wrestling with a shortfall of physically skilled workers who meet their high-level expertise requirements. Previous research conducted by (ISC)2 cybersecurity workforce study identified a workforce gap of nearly 4 million Infosec workers in 2022.

Kaspersky's recent project titled 'The portrait of a modern Information Security professional' sought to assess the global recruitment market and identify the reasons behind the cybersecurity skill shortage. The survey questioned 1,000 Infosec professionals from regions such as Asia-Pacific, Europe, the META region, North and Latin America.

This study found that 41% of companies described their cybersecurity teams as somewhat or significantly understaffed. The largest deficits in cybersecurity staffing were reported in Russia, followed by Latin America, APAC, and META. The most understaffed positions identified were Information Security Research and Malware Analysis, with over 40% of companies citing recruiting in these areas as the most challenging. Europe, Russia, and Latin America reported increased demand for these positions.

A slight decrease in understaffing was reported in Security Operations Center (SOC), Security Assessment, and Network Security roles at 35% and 33% respectively. Positions for SOC experts were particularly scarce in APAC, whilst the shortage of Security Assessment and Network Security analysts was more of a concern in the META region. The lowest number of vacancies were found within Threat Intelligence, despite high demand, with 32% of businesses requiring these roles.

Considering the need for cybersecurity across industries, the government sector reported the steepest demand for cybersecurity professionals, with nearly half (46%) of required Infosec roles remaining unfulfilled. The telecom and media sectors trailed behind, with 39% of positions left open, and an understaffing rate of 37% reported within retail, wholesale, and healthcare. Alarmingly, IT and financial services sectors reported high vacancy rates with 31% and 27% of required positions remaining vacant, respectively.

In an attempt to tackle these hiring issues, companies have been offering high salaries and improved working conditions, alongside updated training and bonus packages. However, these attempts to draw in more skilled workers have proven insufficient. As Vladimir Dashchenko, Security Evangelist, ICS CERT, Kaspersky, explained, "The growth rate of the domestic IT market in some developing regions is changing so rapidly, the labor market cannot manage to educate and train the appropriate specialists with the necessary skills and expertise in such tight deadlines."

To manage the skills shortfall, Kaspersky experts have recommended several steps: adopting managed security services to gain extra expertise without additional hiring; investing in additional cybersecurity training for their staff; running simulations to assess decision-making in critical situations; and using automated systems such as Kaspersky Extended Detection and Response (XDR) to relieve the burden on IT security teams.