The shortage of staff in cybersecurity — commonly known as the “competency gap” — is causing an increase in the expenses associated with data breaches in recent times, as indicated by ten years of studies conducted by IBM.
The IBM Report on Data Breaches for 2024 discovered that over fifty percent of breached entities encountered serious deficiencies in security personnel, a rise of 26.2% from the prior year. This observation was derived from a statistical examination of information from in-depth discussions with more than 600 organizations that encountered data breaches in the preceding year.
The report for 2024 explicitly connects the inadequacy of staff to cybersecurity:
“As noted within the industry, cybersecurity teams are consistently undermanned. The current study identified that more than half of breached organizations dealt with severe shortages in security personnel, showcasing an expertise gap that grew by two times from the year prior. The demand for skilled security personnel is increasing as issues within the threat landscape broaden. The ongoing push to incorporate cutting-edge AI across virtually every department in the organization is expected to introduce unparalleled threats and place more stress on these cybersecurity teams.”
The “2022 Report on the Expenses of Data Breaches” highlighted a direct correlation between shortages in personnel and higher costs incurred due to data breaches. Corporations with inadequately staffed security units faced an average breach cost of $4.56 million (which was $550,000 higher compared to those with adequate staffing).
Similarly, the report for 2024 demonstrated that the expanding competency gap contributed to a $1.76 million growth in average breach expenses.
Check out the Report on the Expenses of Data Breaches
The shortfall in cybersecurity skills is just one element of the puzzle
Various factors contribute to both the inadequacies and the escalating expenses resulting from data breaches. One factor is the continually expanding attack surface. The most recent report highlighted the swift adoption of new technologies, such as inventive AI, contributing to the widening skills gap. According to the 2024 report, “The ongoing push to adopt inventive AI across almost every department in the organization is anticipated to bring extreme risks and put more pressure on these cybersecurity teams.”
Corporations are embracing new technologies, leading to a growth in the complexity of cybersecurity. Novel technologies often necessitate specific skills and specialization. Therefore, one factor contributing to the skills gap is the rapid demand for new capabilities owing to the evolution of technologies outpacing the training of professionals possessing those skills.
The 2022 Report on the Expenses of Data Breaches also pointed out that the escalating number of incidents, combined with the shift to remote work due to the pandemic, amplified workloads, stress, and pressure, resulting in burnout and exacerbating the skills deficit.
According to Sam Hector, Senior Strategic Leader at IBM Security, the inadequacies in security staffing worsen over time. He cited three consequences of lacking the essential cybersecurity expertise:
- “The time required to handle alerts increases as the queue of incidents for review lengthens, making breaches more probable. Attackers spend longer time undetected within your system, leading to increased dwell times. The extended detection time directly results in higher average breach costs.”
- “Teams stretched too thin lack the time to enhance cybersecurity procedures, integration, and effectiveness. They are unable to practice routines and engage in further training as their focus is primarily on maintaining operations. As a consequence, they become less effective over time in comparison to the evolving threat landscape, leading to misconfigurations and vulnerabilities that attackers can exploit.”
- “If a particular industry, region, or organization is identified to be struggling in securing cybersecurity expertise, they become more vulnerable to targeted attacks from potential adversaries anticipating weaker defenses.”
Additionally, he highlighted, “IT needs to expand in size and sophistication continuously, as emerging technologies such as Inventive AI and Hybrid Cloud environments amplify the attack surface, expanding the complexity and range of systems requiring protection, thereby adding additional pressure on security teams.”
How to address the skills deficit
Recent IBM Reports on the Expenses of Data Breaches recommend specific strategies to help corporations tackle the skills deficit in cybersecurity. Here are the primary suggestions:
Outsourced security services: Leveraging outsourced security services could provide assistance. Delegating certain security tasks to specialized external providers could alleviate some of the burden on internal teams and offer access to expertise and knowledge that might be lacking in-house.
Simplified environments: Minimize complexity whenever feasible. While this might be challenging in the face of staff shortages, it can yield long-term benefits. According to the 2024 report, such simplification resulted in an average cost savings of $1.64 million.
Training and skill development: Conduct evaluations to identify areas where employees require enhancement. Making investments in targeted training can bring missing skills in-house and foster internal cybersecurity capabilities. Facilitate access to cybersecurity training programs, workshops, and courses. Extend financial incentives or reimbursement to employees pursuing relevant certifications. Map clear career progression paths for employees interested in cybersecurity roles. Promote a culture of knowledge exchange and mentorship within the organization. Companies can transform their existing IT staff into cybersecurity experts already familiar with the company’s infrastructure by enhancing and updating their skills. As per the 2024 report, retaining and training staff led to an average cost reduction of $259,000.
Compensation and perks: Offering competitive pay and benefits packages can aid your organization in attracting top talent. Introduce employee referral schemes. Recruit individuals from diverse backgrounds. Focus on retaining competent staff by nurturing a respectful and collaborative work environment.
Acquiring talent from educational institutions: Foster and sustain strong connections with local universities by collaborating on curriculum design and delivery, providing internships, and establishing a well-publicized pathway for recent graduates to enter your organization.
Prioritization: Implement a risk-based approach to prioritize all security tasks by concentrating limited resources on the most critical areas of risk, such as the most sensitive data, vital business infrastructure for resilience, and high-impact attack vectors.
Enhanced identity protection: Bolster security concerning identity. According to the 2024 report, the most prevalent and impactful attack vectors were predominantly focused on this aspect, with compromised or stolen credentials being the primary cause of breaches, followed closely by phishing.
AI and automation assisting in bridging the gap
Security automation, powered by AI and machine learning, can enhance efficiency and partially offset the effects of staff shortages.
AI can automate routine activities like data mining across connected data sources, threat intelligence feeds, and other open source intelligence, which would typically be performed manually by a tier 1 analyst, as per Hector. He stated, “It also enables teams to identify threats more rapidly by utilizing machine learning to evaluate vast datasets, such as network traffic or user behavior, to detect patterns indicative of potential risks.”
Using inventive AI tools, less experienced staff can access insights and recommendations, aiding in better decision-making, as noted by Hector. AI facilitates improved maintenance of intricate security environments by identifying misconfigurations and vulnerabilities and either rectifying them automatically or suggesting remedies.
“As a result, those extensively using AI have experienced average cost reductions in the wake of breaches amounting to $1.9 million, whereas entities employing AI extensively in prevention workflows specifically managed to save an average of $2.2 million on breach expenses,” Hector stated.
Security teams can concentrate on more intricate threats and incident response activities by automating routine tasks and deploying Security Information and Event Management (SIEM) systems to centralize security monitoring.