Companies invest more than 100.000$ yearly to upskill their cybersecurity teams

Over 70% of businesses pay more than 100.000$ for additional training annually to keep skills of their cybersecurity employees up to date, a recent Kaspersky study has revealed. However, the surveyed companies also highlighted that there was a lack of relevant courses covering new challenging spheres in the educational market, and stated that training does not always bring them the expected result.

In its recent study ‘The portrait of the modern Information Security professional,’ Kaspersky examined the topic of the global cybersecurity staff shortage, analyzing the exact reasons businesses lack cybersecurity experts, and identifying the ways they evaluate and upskill their cybersecurity workforce.

According to the research, companies are investing significant amounts in upskilling their cybersecurity teams: 43% of organizations say they usually spend between $100,000 and $200,000 per year on information security courses, while 31% even invest over $200,000 for training programs. The remaining 26% state they usually pay less than $100,000 for educational initiatives.

However, cybersecurity practitioners in the META region also note that the educational market is struggling to keep up with the rapidly-changing industry and fail to deliver the necessary training programs on time. The research shows that the scarcity of courses covering new challenging spheres (48%) was the main problem for those searching for cybersecurity training.

50% of respondents also stated that trainees tend to forget what they learned because they had no opportunity to apply newly-acquired knowledge, therefore the courses were useless to them. The need for special training pre-requisites such as coding and advanced mathematics, which were not specified at the pre-registration stage were also problematic for 37% of practitioners.

META stats for localizing the graph

“With a constantly evolving threat landscape, businesses should continually improve the skills of their cybersecurity personnel in order to be well prepared for sophisticated cyberattacks. Developing high-profile specialists within the company and building internal expertise can be an effective strategy for organizations that aim to retain existing employees and allow them to grow professionally, instead of constantly hunting for new candidates and checking their professional backgrounds and practical skills. For organizations served by Managed Service Providers it is also important to maintain a pretty high level of expertise internally and use the same language when discussing the scope of services and Service Level Agreement with them,” comments Veniamin Levtsov, VP, Center of Corporate Business Expertise at Kaspersky.

To effectively upskill cybersecurity teams, Kaspersky experts recommend the following:

• Invest in quality cybersecurity courses for the staff to keep them up to date with the latest knowledge. With practically oriented Kaspersky Expert training, InfoSec professionals can advance their hard skills so they can defend their companies against attacks.
• Use interactive simulators to test employees’ expertise and assess the way they think in critical situations. For instance, with the new Kaspersky interactive ransomware game they can observe the way the company’s IT department deploys, investigates and responds to an attack, and makes vital decisions with the game’s main character.
• Provide your InfoSec professionals with in-depth visibility into cyberthreats targeting your organization. The latest Threat Intelligence will supply them with a rich and meaningful overview across the entire incident management cycle and help to identify cyber risks in time.

The full report with more findings on the global shortfall of qualified InfoSec professionals is available via the link.