Executive Summary
The shortage of skilled information security practitioners continues to grow around the globe. In the US, for organizations with at least 500 employees, Enterprise Management Associates found in a June 2020 survey that the average number of open positions enterprises are trying to fill is 1,324. For the largest percentage of respondents in this EMA survey, that number increased between 1% and 25% over the last year, although that increase is higher for large enterprises.
With the unemployment rate for skilled IT security practitioners at zero, it’s no surprise that turnover is a significant issue for many, but especially for midmarket organizations with 500 to 999 employees, the largest percentage of which see annual turnover rates of between 20% and 30%. On the bright side, midmarket companies and very large enterprises are not seeing an increase in the amount of time it takes to replace lost expertise.
On the not-so-bright side, the struggle to attract and retain cybersecurity talent increases the amount of time it takes to remediate a threat, and large enterprises are unable to adequately manage all the security tools they use.
It’s not surprising, then, that automation within security tools has become a major selection criterion in adopting new tools or replacing existing ones for 98% of all respondents. Among 13 different classes of security tools in use, those that respondents indicated gave their organizations the biggest productivity boost include IDS/IPS, digital threat intelligence management, and deception technology. Security orchestration, automation, and response (SOAR) platforms dedicated to streamlining security threat and risk management workflows were ranked somewhere in the middle, most likely because of the level of effort required to operationalize them.