Organizations across Asia are facing challenges in recruiting and retaining cybersecurity talents, a skills shortage that’s putting them at risk amid increasing occurrence of security breaches and resulting financial losses, findings from a research by cybersecurity firm Fortinet show.
The 2022 Cybersecurity Skills Gap Report, released in April, shares results of a survey conducted among more than 1,200 IT and cybersecurity decision-makers from 29 different locations.
The study, which sought to understand cybersecurity professionals’ key concerns around talent, recruitment, diversity and security awareness, found that in Asia, a staggering 72% of respondents reported experiencing at least one breach during the last 12 months that they could attribute to a lack of cybersecurity skills and/or awareness.
This figure shows the struggle organizations face in hiring technology-qualified talents for cybersecurity, a predicament that’s resulting in severe consequences. Globally, almost 40% of respondents said they’ve suffered breaches that cost more than US$1 million to remediate.
Recruitment and retention challenges
Looking deeper into the areas where organizations struggle the most, the research found that APAC businesses are having a hard time finding and retaining qualified cybersecurity professionals. 60% of leaders in Asia admitted their organization struggles with recruitment and 57% said they struggle to retain talent.
Critical security roles, including cloud security specialists (57%), security operations analysts (50%), and security administrators and architects (49%), were named among the most sought-after roles in cybersecurity globally.
APAC businesses are not just actively looking to expand their cybersecurity workforce, they are also looking to build more diverse teams.
Regionally, 90% of companies said they have explicit diversity goals as part of their hiring strategy, with 75% indicating having formal structures to specifically recruit more women and 59% having strategies in place to hire minorities. Additionally, 65% of organizations said they have efforts in place to hire more veterans.
The International Information System Security Certification Consortium (ISC2) estimates a cybersecurity workforce shortage of 1.42 million in APAC – the largest regional workforce gap in the world.
Cybersecurity hiring trends differ greatly depending on an organization’s size, data from the 2021 ISC2 Cybersecurity Workforce Study show.
In 2021, larger APAC enterprise employers remained relatively steady in their hiring demand, already surpassing pre-pandemic levels. APAC small and medium-sized enterprises (SMEs) and mid-market organizations, on the other hand, were found to be lagging behind their global counterparts in intent to hire, suggesting relative softness on the topic of cybersecurity.
Asia becomes the most targeted region
This is despite a reported surge in cyberattacks and breaches across the region. A 2021 study by American-Israeli cybersecurity solutions provider Check Point Software Technologies found a jaw-dropping 168% year-on-year (YoY) increase in cyberattacks in May 2021 in APAC. The firm estimates that, on average, an organization in the region suffers from 1,245 attacks on a weekly basis.
At IBM, the firm observed that in 2021, Asia became the most-attacked region in the world, receiving 26% of attacks detected by its security offering, X-Force.
Finance and insurance organizations were attacked most frequently in the region, making up 30% of the incidents X-Force remediated, followed closely by manufacturing (29%) and then more distantly by professional and business services (13%) and transportation (10%). Japan, Australia and India were the most-attacked countries in Asia.
Featured image credit: edited from Freepik