The Security Crisis: How the Skills Shortage Surge is Leaving Business Vulnerable

Cyber attacks surged during the pandemic as hackers took advantage of increased digital activity, with over 5,200 data breaches confirmed globally in 2021 so far, a sharp increase on the 3,950 reported in 2020.  Add to this stringent data protection laws and significant monetary fines, and it’s a combination that can leave businesses, in the UK and internationally, extremely vulnerable.

It’s not enough to be aware of the risks. Businesses must instead act to ensure sound cybersecurity knowledge is in place to react to ever-evolving threats. Further, strong knowledge in data protection is vital to adhere to any necessary legislation. With these issues potentially leading to a damaged reputation, as well as loss of business, customer confidence and critical business data, there is no doubt that these should be at the forefront of business priority lists globally.

At IONOS Cloud, we wanted to better understand the current challenges businesses are facing in the wake of the pandemic, and where cybersecurity and data protection standards are actually sitting on business IT priority lists. To uncover insights, we commissioned research, conducted by Censuswide, to poll over 600 UK IT decision-makers to collate their views and attitudes.

Identify your business’s skills gaps  

Our survey found over 40% of IT decision-makers admit to their business having a cybersecurity skills gap. A third (34%) of them say this is putting their organisation at risk of security threats. When asked, the top concerns facing IT decision-makers included increased DDoS attacks, phishing and scams as well as employees downloading unapproved apps and not storing data correctly.

Alongside this, four in 10 surveyed say they are facing a skills gap in data protection. A quarter of them states this means the business they work for isn’t as secure as it needs to be and that their organisation is not adhering to necessary legislation.

These statistics are shocking. They show how vulnerable organisations could be – to both cyber threats, and monetary fines. As a business leader, it’s essential to sit down with teams to understand first-hand where knowledge gaps currently exist and create a plan of action to plug these are soon as possible.

IT teams must feel confident and trust that senior leaders will listen when they raise concerns on how skills gaps are impacting the business. Bi-annual planning meetings can provide an opportunity to review skills across the business and get this conversation flowing. This allows senior leaders to map out the expertise in the business and identify the current gaps, working with IT teams to develop a strategy that considers upskilling staff, hiring new team members and outsourcing to external experts.

It’s important to show a willingness to learn about new skills yourself too. Engaging and taking an interest in understanding the impact and possibilities of new tech on the business will show teams that this is a business issue you’re taking seriously.

Upskilling – create competitive advantage in an uncertain future

Fortunately, while there is a clear skills gap IT teams do understand the importance of sound cybersecurity practices. More than three-quarters of those asked say it is either the top priority for their business or within the top three. However, our survey found that few teams actually had cybersecurity risk assessments in place.

Remarkably, only one-third of those surveyed have conducted one in the past 12 months, despite the COVID-19 pandemic fundamentally changing the way businesses operate. A further 12% had never conducted one and had no plans to do so, with 16% that had conducted one more than five years ago, when operations and businesses were likely significantly different, also having no plans to do another in the future.

This lack of understanding regarding the importance of risk monitoring can lead to irreparable damage, from both a time and cost perspective.

Fortunately, eight in 10 respondents say they do feel prepared to handle a cyber attack, despite any skills gap. Interestingly, investing in more secure cloud services came out as the main reason behind this.

Carefully planned and configured cloud deployments provide scalable, flexible, and most importantly secure operations for businesses. Working with IT teams to put a strategy in place tailored to your business’s needs, external cloud providers can offer an extra layer of defence and additional knowledge on ever-evolving cyber threats.

It’s essential to have procedures in place to effectively manage data across the business, and reputable cloud providers can store business-critical data safely and in compliance with strict regulations. For example, working with European-based cloud providers that adhere to GDPR – rather than those that must also work under laws such as the US CLOUD act – can be one way to help minimise risk when handling data.

Having an understanding of the ways cloud providers can positively impact data management and cybersecurity is essential for senior leaders. This awareness allows you to have more informed and considered conversations when choosing external providers allowing you to work with IT leads to put effective, cohesive strategies in place.

As a business leader, it’s essential to sit down with teams to understand first-hand where knowledge gaps currently exist and create a plan of action to plug these are soon as possible.

The security crisis – a collective business issue 

What’s clear from the new insights is that businesses understand the importance of both cybersecurity and data protection, but missing skillsets are leaving organisations at significant risk. That’s why it’s vital senior leaders take the skills gap seriously.

The data shows that working together with IT teams is a crucial part of the puzzle. A third of those asked said they felt more prepared to handle a cyber attack because senior leadership has put more focus on cybersecurity than ever before. This shows the importance of recognising the concerns of IT teams and putting measures in place to protect the business before it’s too late.

Alongside this, addressing the skills gap should span the whole business. While factoring in improved software with better cybersecurity measures is a sound way to protect the business at a strategic level, having an open dialogue with employees across all levels means cybersecurity and data protection knowledge is shared and best practices are front of mind at all times.

While it can take careful planning, businesses that factor in addressing the skills gap into the wider business strategy will reap the rewards. Factoring in recruiting new talent, upskilling teams, or investing in new software can take time, but the protection and long-term cost savings from a potential attack or data breach are hugely worthwhile.