Cybersecurity Upskilling Is Increasingly Important in Uncertain Economy

Cybrary released new findings in “Myths of Training Cyber Professionals,” a research report from Omdia that dispels many of the myths associated with training cybersecurity professionals and the role of ongoing training in addressing the increase in security threats.

The report underscores the importance of cybersecurity readiness in uncertain economic times and busts myths around training and key staff retention.

Companies are increasingly being held accountable by customers, partners, insurers and other stakeholders for deficiencies in their cybersecurity practices when those issues are exposed by a cybersecurity incident, and this accountability is amplified during economic turmoil.

“The benefits of professional training are seen in the impact the employee has on the organization, in the overall risk posture of the organization, and in the costs associated with finding and retaining highly skilled employees,” wrote Omdia senior analyst Curtis Franklin. “The key takeaway at this point is that global business executives have recognized the tangible benefits that come from continuing professional cybersecurity education and the significant added risks that come from a workforce composed of under-trained individuals.”

Among key findings:

• 73% of respondents said their team’s cybersecurity performance was more efficient because of ongoing professional cybersecurity training (efficiency encompasses threat intelligence, compliance audit readiness, and secure asset inventory).
• 62% of respondents said that training improved their organization’s cybersecurity effectiveness (which encompasses decreases in the number of breach attempts and overall security events).
• 79% of respondents ranked professional cybersecurity training at the top or near the top of importance for the organization’s ability to prevent and rapidly remediate breaches and ensuing consequences such as reputational damage.
• 70% of companies reported a relationship between an incident and training, and fully two-thirds of respondents reported increased investments in ongoing cybersecurity training after a security incident.
• Large enterprises (15,000+ employees) are the least likely to delay upskilling until after an incident, indicating that companies with larger cybersecurity teams firmly understand the importance of ongoing professional training. In contrast, 67% of surveyed SMBs invested in cybersecurity training after a security incident, which served as a call to action.
• 53% invested in professional cybersecurity training due to a cybersecurity insurance audit.
• 48% of organizations agreed that cybersecurity training drives retention and decreases the likelihood that a cybersecurity professional will leave the organization that trains them, while 41% say that ongoing cybersecurity training has no significant impact on if a cybersecurity professional leaves.

“While headcount is a growing concern with hiring freezes and reductions, the pressure security professionals face doesn’t stop or slow. The Omdia research paints a clear picture of the rewards of organizations proactively investing in training and upskilling their security professionals. It codifies the fiscal and reputational paybacks in proactively improving cybersecurity defenses versus responding to attacks, and also codifies an often-underrecognized benefit of cybersecurity upskilling: helping the organization retain invaluable security talent despite market and organizational uncertainty,” said Cybrary CEO Kevin Hanes.

This report was based on interviews with a random sample of firms in the United States, Canada, and the U.K. A total of 275 executives, directors and security professionals who either procure or influence professional cybersecurity training were interviewed using a Computer-Aided Telephone Interview (CATI) methodology. Furthermore, additional primary and secondary research from Omdia’s ongoing coverage of cybersecurity training were brought to bear in the analysis.

Download a copy of this research here.