Mind the gap: Top cybersecurity vendors report 'epidemic' of staff shortages

Cybersecurity Ventures flags up worsening skills gap as it unveils its latest Cybersecurity 500 list

Intelligence analyst Cybersecurity Ventures has flagged up a skills shortage "epidemic" in the cybersecurity market as it unveiled its latest quarterly list of the world's hottest cybersecurity companies.

The California-based research firm has compiled a quarterly Cybersecurity 500 list since 2015, cataloguing what it sees as the hottest and most innovative industry leaders in IT security based on a variety of factors (see bottom).

Feedback from 2017's top cohorts - including first-placed Herjavec Group, IBM Security (second) and Raytheon Cyber (third) - has revealed growing concern over the widening gap between security threats and the number of people qualified to tackle them, Cybersecurity Ventures chief executive Steve Morgan told CRN.

"The single biggest trend, globally, is that there are chronic shortages of qualified cybersecurity staff. It's an absolute epidemic," Morgan warned.

Meanwhile, Morgan said recent research his firm conducted predicts that cybercrime damages will cost the world $6tr (£4.7tr) annually by 2021, up from $3tr in 2015.

"From the end of 2013 to 2015, Cisco published research on global cybersecurity that showed there were one million cybersecurity positions open globally," Morgan said, adding that Cybersecurity Ventures' own research suggests that this deficit will become more dramatic.

"Due to the growth in cybercrime, by 2021, we expect there to be 3.5 million vacant cybersecurity job openings. So the pipeline of security talent isn't where it needs to be to help curb the rise in more widespread, and more sophisticated, cybercrime."

Morgan argued that shortfalls in specialised education in IT and computer science around the world urgently need to be addressed.

"Companies are already resorting to getting new graduates in, who simply don't have the experience… Our colleges and universities are not putting enough of these people out. And why is that? Because they don't have enough experienced professors to pass on this training."

However, Morgan praised what he described as innovative market leaders who are proactively trying to address this issue. He highlighted KnowBe4 for educating the workforce at large.

One of the equity partners of Florida-based KnowBe4 is the world-famous former US hacker Kevin Mitnick. The company's ethos is that every IT position is now a cybersecurity position, and any naïve employee a potential weakest link.

KnowBe4 trains staff to recognise the warning signs of spear phishing, fraudulent emails and ransomware, which Cybersecurity Ventures said is trending up and has resulted in $5bn in damages globally in 2017 alone.

"This lack of basic knowledge is plaguing the industry. For instance, some software developers don't understand IT security, and vice versa," Morgan said.

"Every corporation must provide their staff with that kind of training."

Of the top 10 ranked firms, seven are based in the US; one in Canada; one in IT security hub Israel; and one UK outfit: Sophos.

Other UK high flyers include BAE Systems (14), BT (29), PwC (32), NNT (54) and KPMG (57).

Lombardy, Italy-based company DFLabs was the highest-ranked continental European firm, at number 19.

The Cybersecurity 500 is updated every quarter and is based on criteria including the following:

• Cybersecurity sector (market category)

• Problem(s) solved

• Customer base

• Feedback from CISOs and decision makers

• Feedback from IT security evaluators and recommenders

• Feedback from VARs, SIs and consultants

• VC funding

• Company growth

• Published product reviews

• Demos and presentations at conferences

• Corporate marketing and branding

• Media coverage

• Notable implementations