
Studies show cybersecurity skills gap is widening as the cost of breaches rises



The cybersecurity skills crisis continues on a downward trend, impacting over half (57%) of large organizations. At the same time, companies are incurring steep costs from data breaches, with breaches costing companies an average of $4.24 million per incident — a nearly 10% increase over 2020.

Those stats are according to separate reports released today by IBM and the Information Systems Security Association (ISSA), which paint a picture of a cybersecurity industry facing multiple challenges as the pandemic accelerates digital transformations. In partnership with the Enterprise Strategy Group (ESG), the ISSA published its fifth annual global survey of cybersecurity professionals, while IBM launched its 17th annual Cost of a Data Breach report with the Ponemon Institute.

According to ISSA and ESG, the cybersecurity skills shortage and its impacts haven’t improved over the past few years, and 44% of professionals say it’s only gotten worse. A major factor is the lack of “appropriate” compensation, with 38% of respondents to the survey citing it as their top reason.

The findings agree with a recent International Information System Security Certification Consortium study, which pegs the number of unfilled cybersecurity positions around the world at 4.07 million. That same report projects that the industry will triple in size year-over-year through 2022, potentially exacerbating the problem.


Part of the problem is that cybersecurity professionals don’t have well-defined careers or find themselves working in security without a complete skill set. Last year’s ISSA and ESG survey revealed that “growth activities,” such as finding a mentor, getting cybersecurity certifications, taking on internships, and joining a professional organization, were the missing steps in their journeys. Moreover, executives often don’t understand the role of information security, so cybersecurity leaders are forced to take on advocacy roles to develop talent on-staff.

Rising cost of breaches

The worsening skills shortage comes as companies are adopting breach-prone remote work arrangements in light of the pandemic. In its report today, IBM found that the shift to remote work led to more expensive data breaches, with breaches costing over $1 million more on average when remote work was indicated as a factor in the event.

By industry, data breaches in health care were most expensive at $9.23 million, followed by the financial sector ($5.72 million) and pharmaceuticals ($5.04 million). While lower in overall costs, retail, media, hospitality, and the public sector experienced a large increase in costs versus the prior year.

“Compromised user credentials were most common root cause of data breaches,” IBM reported. “At the same time, customer personal data like names, emails, and passwords was the most common type of information leaked — a dangerous combination that could provide attackers with leverage for future breaches.”

IBM says it found that “modern” security approaches reduced expenses, with AI, security analytics, and encryption being the top three mitigating factors. Together, these technologies saved large companies an estimated $1.25 million to $1.49 million. Hybrid cloud approaches also led to lower data breach costs ($3.61 million) compared with cloud ($4.80 million) and private cloud ($4.55 million) approaches. Moreover, organizations with “mature” zero trust strategies had an average data breach cost of $3.28 million, which was $1.76 million lower than those who hadn’t embraced the approach to begin with.
