Mid-market cybersecurity jeopardised by talent turnover, research finds
Skill drain leaves mid-market firms vulnerable, Advania UK CEO tells CRN
High staff turnover is critically undermining cybersecurity capabilities in mid-market organisations across EMEA, independent research has revealed.
The study, conducted by Censuswide for cloud services provider Advania, found that only two per cent of mid-market firms retain "excellent" IT talent for over two years.
28 per cent lose top talent within just six months, a constant churn which severely hinders the development of robust cyber strategies.
Geoff Kneen, CEO of Advania UK, told CRN: "One of the reasons that the mid-market struggles to hold onto excellent IT staff is due to the underlying dynamics in the market.
"The technology market changes at pace and skilled IT professionals always want to stay at the top of their game.
"However, that may not always be front of mind for a mid-market organisation. For the mid-market, it is challenging to assign sufficient IT budget to compete with major enterprises.
"The trickle-down effect this turnover has on long-term cybersecurity hygiene and digital transformation aspirations can be significant."
Limited resources lead companies to neglect 'fundamental' measures
Despite heavy investment in training, basic security practices are neglected by most mid-market businesses.
Over half admit to overlooking fundamental measures like firewalls, antivirus, and regular patching.
Hege Store, group CEO of Advania, said: "This research uncovers the hidden truths of the mid-market.
"Our aim is ensuring these companies can integrate modern technology and scale securely at an affordable cost."
With limited resources, mid-market companies are failing to translate awareness into action.
47 per cent of respondents develop strategies in-house, yet remain dangerously exposed. Outdated practices make them prime targets.
Pravesh Kara, Advania's director for security and compliance, said: "Evolving threats demand proactive investment in qualified personnel.
"Failing to do so is a dangerous oversight. A data breach can have devastating consequences."
Alarmingly, 43 per cent expect cloud providers to cover data recovery costs following an attack.
However, legal liability often rests with the company itself. Just three per cent recognise their own responsibility.
Kara added: "Today every business is a potential target. Cybersecurity intelligence, protection, detection and response are crucial for mitigating risk."
With skill drain impeding accountability, many mid-market firms operate without expertise, unsure where accountability lies.
This leaves them vulnerable to unbudgeted remediation costs after an attack, the research found.
Store emphasised: "Our research prevents mid-market companies from feeling overlooked and encumbered.
"We help them integrate technology securely and affordably as they scale up."
To make matters worse, Gartner analyst John-David Lovelock recently told CRN the skills shortage will continue for another five years as firms should turn to managed services.
Lovelock explained the market is "a little interesting" as growth in spending does not equate to growth in use.
"With asset delivery and artificial intelligence, things are going to be changing this market around a bit," he says.
"There's going to be more corporations utilising managed services but paying less for the services that they consume."
He added the enterprise IT space still has an "unsolvable problem" of labour.
"Enterprises cannot attract, maintain and retain enough IT talent to meet their growing IT needs and are having to turn to consultancies to do the work. That includes managed services to continue to run their ongoing operations.
"While 5.4 per cent growth may not seem like a great number, when you look at their spending increases on their own staff, it starts to become a much nicer number."