Kaspersky Lab Survey Reveals the Financial Impact of the IT Security Talent Shortage

Woburn, MA – August 16, 2016 –Kaspersky Lab today released its 2016 Corporate IT Security Risks survey¹ which found that large businesses with a small amount of full-time security experts pay almost three times more to recover from a cyberattack than those businesses with in-house expertise.

In March-April 2016, a survey about attitudes and experiences with cybersecurity was conducted of more than 4,000 company representatives in different industries and of various sizes. The findings show a general shortage in full-time security staff and expert talent availability which calls for the need for more specialists in the field.

The research shows that large businesses hiring outside help pay between $1.2M - $1.47M to recover from a cybersecurity incident, compared to those large businesses who have in-house skilled IT security experts to handle a crisis who pay between $100K - $500K. This is due to a significant amount of recovery costs going toward additional staff wages to hire external expert help – on average costing $14K for SMBs and $126K for enterprises.

Businesses, large and small, don’t have the full-time security expertise to properly handle an attack on their own. Only 15 percent of the employees in an IT department of a large company are dedicated to security. For example, in a large business that equals 39 specialists in a typical team of 220 experts managing all aspects of the infrastructure. For SMBs, there are only two security experts out of a team of 16 IT professionals. With an average of 315,000 malware threat detected on a daily basis, businesses need to reconsider proactively enhancing their security defenses.

Surprisingly, nearly half (48 percent) of businesses admit there is a talent shortage and a growing demand for more specialists (46 percent). Proactively hiring new staff to employ experts before an incident, rather than bringing them in to pick up the pieces, significantly lowers the average IT costs and helps better protect the business.

Citing complexity of IT infrastructure, compliance requirements, and the overall desire to protect business assets, companies are willing to grow their security intelligence. In fact, for a third of businesses, the improvement of specialist security expertise is one of the top three drivers for an additional investment in IT Security.

Overall, 68.5 percent of companies expect an increase in the number of full-time security experts, with 18.9 percent expecting a significant increase in headcount. Higher education is an important part of fulfilling such a demand, but this is also a call for a change within the security industry itself. One of the solutions is to aid universities with relevant experience.

Another very important long-term solution is to adapt R&D efforts towards the effective sharing of intelligence with corporate customers in the form of threat data feeds, security training, and services. A proper combination of security solutions and intelligence is what allows corporate security teams to spend less time and money on regular cybersecurity incidents and focus on strategic security development and advanced threats.

“In this evolving industry the relationship with our customers already goes beyond the shipment of a technology or a product – to providing the skills and training necessary to identify on-going attacks,” said Veniamin Levtsov, vice president, enterprise business at Kaspersky Lab. “Sharing detailed research about attacks on other businesses, in the form of intelligence reports, is also necessary, along with actionable, machine-readable data about on-going threats. Solving the different challenges of threat prevention, detection, incident response and prediction requires a lot of flexibility and experience and we are dedicated to helping grow the security expert workforce around the world.”

Recently, Kaspersky Lab launched Talent Lab, an international competition for university students and young professionals to help them start their career in the field of IT Security. More information about the program can be found at Kaspersky Lab’s website: academy.kaspersky.com/talentlab

The full survey report titled, “Lack of Security Talent: An Unexpected Threat to Corporate Cybersafety” is available at Kaspersky Lab’s website here.

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.

Learn more at www.kaspersky.com.

For the latest in-depth information on security threat issues and trends, please visit:
Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact:
Denise Bertrand
781.503.1836
denise.bertrand@kaspersky.com

¹ Corporate IT Security Risks is the annual survey conducted by Kaspersky Lab in cooperation with B2B International. In 2016 we have asked 4395 representatives of small, medium and large businesses from 25 countries on their views on IT Security and real incidents they had to deal with.