Study Reveals Cybersecurity Skills Shortage

The skills required for information security have changed in the last few years, according to IT security professionals in a recent survey. Security and compliance company Tripwire conducted the study with assistance from Dimensional Research, which revealed 93 percent of security pros are concerned about the cybersecurity skills gap, and 72 percent said it's more difficult to hire skilled security staff compared to two years ago.

The study findings are based on survey responses from 315 IT security professionals at U.S.-based companies with more than 100 employees.

Among the findings:

  • Just 20 percent of respondents said their company has hired people without specific security expertise for security roles, and 17 percent plan to do so in the next two years;
  • 50 percent plan to invest in training existing security staff;
  • 91 percent plan to supplement their security team by outsourcing for skills;
  • 88 percent said managed services would help solve the skills gap problem;
  • 96 percent said automation will play a role in closing the skills gap; and
  • 98 percent said that other functions, such as non-security teams, will be more involved in cybersecurity in the future.

"It's evident that security teams are evolving and maturing with the rest of the cybersecurity industry, but the pool of skilled staff and training simply aren't keeping up," said Tim Erlin, vice president of product management and strategy at Tripwire, in a statement. "For example, beyond their technical duties, security practitioners may now be expected to spend more time in boardrooms or in the CFO's office to secure more budget. While the makeup of the cybersecurity workforce may be changing, the fundamentals of protecting an organization have not. It will be critical during this transition to ensure there's a long-term strategy in place around maintaining their foundational security controls."

Erlin pointed out that security teams can look for help both within their organization and externally: "The skills gap doesn't have to be an operational gap. Security teams shouldn't overburden themselves by trying to do everything on their own," he said. "They can partner with trusted vendors for managed services or subscribe to service plans where outside experts can act as an extension of the team. Organizations should also understand that security is a shared responsibility across different functions, so people from other parts of the business should be involved in the cybersecurity program. And, of course, automation can add value not only in reducing manual work, but also in ensuring that everything is up-to-date and working as it should in real time. Security teams may just need to work more creatively."

More information on the study is available on the Tripwire site.

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • The AI Show

    Register for Free to Attend the World's Greatest Show for All Things AI in EDU

    The AI Show @ ASU+GSV, held April 5–7, 2025, at the San Diego Convention Center, is a free event designed to help educators, students, and parents navigate AI's role in education. Featuring hands-on workshops, AI-powered networking, live demos from 125+ EdTech exhibitors, and keynote speakers like Colin Kaepernick and Stevie Van Zandt, the event offers practical insights into AI-driven teaching, learning, and career opportunities. Attendees will gain actionable strategies to integrate AI into classrooms while exploring innovations that promote equity, accessibility, and student success.

  • cloud, database stack, computer screen, binary code, and flowcharts interconnected by lines and arrows

    Salesforce to Acquire Data Management Firm Informatica

    Salesforce has announced plans to acquire data management company Informatica for $8 billion. The deal is aimed at strengthening Salesforce's AI foundation and expanding its enterprise data capabilities.

  • stylized AI code and a neural network symbol, paired with glitching code and a red warning triangle

    New Anthropic AI Models Demonstrate Coding Prowess, Behavior Risks

    Anthropic has released Claude Opus 4 and Claude Sonnet 4, its most advanced artificial intelligence models to date, boasting a significant leap in autonomous coding capabilities while simultaneously revealing troubling tendencies toward self-preservation that include attempted blackmail.

  • NVIDIA DGX line

    NVIDIA Intros Personal AI Supercomputers

    NVIDIA has introduced a new lineup of AI-powered computing solutions designed to accelerate enterprise workloads.