According to a study titled ‘The portrait of the modern Information Security professional’ conducted by Kaspersky, an eye-opening 70% of businesses are allocating over $100,000 annually towards the continuous education of their cybersecurity personnel. This financial commitment underscores the critical nature of maintaining a workforce that’s not only competent but also ahead of the cybercriminal curve.
The study, however, uncovers a disconcerting gap in the availability and effectiveness of these educational endeavors. Despite the significant expenditure, companies are grappling with a shortage of courses that adequately address the emergent and complex challenges of the cybersecurity realm. This disconnect between the industry’s needs and the educational market’s offerings has raised concerns about the return on investment in such training programs. A considerable portion of the surveyed firms reported dissatisfaction, noting that the outcomes of these costly training initiatives often fell short of expectations.
Further analysis reveals a nuanced landscape of corporate investment in cybersecurity education. While 43% of organizations earmark between $100,000 to $200,000 for this purpose, a notable 31% extend their budget beyond the $200,000 mark. Conversely, a smaller segment (26%) limits their spending to under $100,000, highlighting a varied approach to addressing this critical need across different sectors.
The study also delves into the perspectives of cybersecurity professionals themselves, with 39% expressing concerns over the adequacy of corporate training programs. These individuals are taking matters into their own hands, willing to invest personal funds to access additional training that promises to keep their skills sharp and relevant. This trend underscores a proactive stance among professionals striving to navigate a rapidly shifting cyber threat landscape.
Yet, the quest for comprehensive and timely cybersecurity training is fraught with obstacles. A significant portion of practitioners (49%) lament the scarcity of courses tackling novel and complex challenges. The issue is compounded by the rapid pace of technological advancement, leaving educational institutions struggling to catch up and deliver relevant content.
Additionally, nearly half of the respondents cited the inability to apply what they learned in practical settings as a major drawback of existing programs, leading to a quick erosion of newly acquired knowledge. This phenomenon not only diminishes the value of the training but also reflects a misalignment between course content and real-world applicability. Furthermore, unexpected prerequisites such as coding and advanced mathematics have emerged as barriers for 45% of those seeking to enhance their cybersecurity skills, indicating a need for clearer communication and curriculum planning from training providers.
To effectively upskill cybersecurity teams, Kaspersky experts recommend the following:
- Invest in quality cybersecurity courses for the staff to keep them up to date with the latest knowledge. With practically oriented Kaspersky Expert training, InfoSec professionals can advance their hard skills so they can defend their companies against attacks.
- Use interactive simulators to test employees’ expertise and assess the way they think in critical situations. For instance, with the new Kaspersky interactive ransomware game they can observe the way the company’s IT department deploys, investigates and responds to an attack, and makes vital decisions with the game’s main character.
- Provide your InfoSec professionals with in-depth visibility into cyberthreats targeting your organization. The latest Threat Intelligence will supply them with a rich and meaningful overview across the entire incident management cycle and help to identify cyber risks in time.