By: Peter R. Kelley
New research from Omdia and Cybrary drives home the need for organizations to invest in sustained, ongoing professional development and upskilling for their cybersecurity teams, particularly during periods of economic uncertainty such as the current one.
Cybrary experts note that the potential reputational and economic fallout is all but inevitable when a cybersecurity incident exposes lax cybersecurity practices, and that such accountability can be particularly pointed in periods of economic turmoil.
Cybrary CEO Kevin Hanes noted, “The Omdia research paints a clear picture of the rewards of organizations proactively investing in training and upskilling their security professionals. It codifies the fiscal and reputational paybacks in proactively improving cybersecurity defenses versus responding to attacks, and also codifies an often-underrecognized benefit of cybersecurity upskilling: helping the organization retain invaluable security talent despite market and organizational uncertainty.”
“The benefits of professional training are seen in the impact the employee has on the organization, in the overall risk posture of the organization, and in the costs associated with finding and retaining highly skilled employees,” said Omdia senior analyst Curtis Franklin. “The key takeaway at this point is that global business executives have recognized the tangible benefits that come from continuing professional cybersecurity education and the significant added risks that come from a workforce composed of under-trained individuals.”
Among key findings in the report “Myths of Training Cyber Professionals” are:
- 73% of respondents said their team’s cybersecurity performance was more efficient because of ongoing professional cybersecurity training (efficiency encompasses threat intelligence, compliance audit readiness, and secure asset inventory).
- 62% of respondents said that training improved their organization’s cybersecurity effectiveness (which encompasses decreases in the number of breach attempts and overall security events).
- 79% of respondents ranked professional cybersecurity training at the top or near the top of importance for the organization’s ability to prevent and rapidly remediate breaches and ensuing consequences such as reputational damage.
- 70% of companies reported a relationship between an incident and training, and fully two-thirds of respondents reported increased investments in ongoing cybersecurity training after a security incident.
- Large enterprises (15,000+ employees) are the least likely to delay upskilling until after an incident, indicating that companies with larger cybersecurity teams firmly understand the importance of ongoing professional training. In contrast, 67% of surveyed SMBs invested in cybersecurity training after a security incident, which served as a call to action.
- 53% invested in professional cybersecurity training due to a cybersecurity insurance audit.
- 48% of organizations agreed that cybersecurity training drives retention and decreases the likelihood that a cybersecurity professional will leave the organization that trains them, while 41% said that ongoing cybersecurity training has no significant impact on whether a cybersecurity professional leaves.
“While headcount is a growing concern with hiring freezes and reductions, the pressure security professionals face doesn’t stop or slow,” Hanes said.
Did you invest in professional cybersecurity training due to an incident?