Staff Shortages Impact Cyber Risk Management, Says (ISC)² Cybersecurity Workforce Survey

November 4, 2021  Jeff B. Copeland

We’ve all heard about the workforce gap in cybersecurity, but for the first time the (ISC)² Cybersecurity Workforce Study, 2021 asked 4,700 security professionals about the damage that staff shortages inflict on their capabilities. Thirty percent of those surveyed answered “not enough time for proper risk assessment and management,” running close behind the number one negative effect, “misconfigured systems.”

“The list of issues cybersecurity professionals say can be prevented with enough people covers many root causes of reported data breaches and ransomware attack,” (ISC)² says.

On the good news side, when survey participants were asked about professional training they planned to pursue, 26% listed risk analysis and management as their goal, second to cloud computing security. The way out of the workforce gap, (ISC)² concludes: “Organizations need to invest in their people and smartly build their teams for long-term success.”

[Image: Workforce Shortage - ISC2, from the Cybersecurity Workforce Study, 2021]

How RiskLens and the FAIR Approach to Quantitative Risk Analysis Help with the Cyber Skills and Staff Shortage

Jack Jones, Chief Risk Scientist for RiskLens, wrote a provocative article, “To Confront the Cybersecurity Skills Shortage, Prioritize,” arguing that:

“Organizations should look at the skills shortage as another reason to move to more effective risk management practices. When I review cybersecurity programs in organizations today, I often see a tremendous amount of wasted time and energy expended on concerns that shouldn’t be a priority.” 

The RiskLens platform offers the means to rapidly prioritize an organization’s cyber risks based on loss exposure (with the Rapid Risk Assessment capability), then run comparative analyses of risk treatments for return on investment in risk reduction with Risk Treatment Analysis. When deeper analysis of risk scenarios is required, RiskLens tools such as Data Helpers and Content Packs greatly accelerate the analysis process with prepackaged data, content, and scenarios. Learn more: Justify and Prioritize Cybersecurity Investment Decisions in an Hour.

Recognizing that many organizations are too short-staffed to field their own quantitative risk management teams, RiskLens introduced the RiskLens Pro managed service, which reduces the complexity and costs of implementing and maintaining a FAIR-based program, with regular reporting on an organization’s top risks, trends in risk, and cost/benefit analyses provided by RiskLens experts.

For organizations that want to up-skill their staff, RiskLens is also the leading trainer for the FAIR methodology for cyber risk quantification. Learn more about the RiskLens Academy.