The seemingly universal problem of attracting and retaining skilled workers is a headache that can reduce efficiency, hurt morale and eat into the bottom-line. But when it comes to having enough IT and cybersecurity, where the talent gap is much higher than in the workforce at large, the consequences can be far more dire.

The Center for Strategic and International Studies, a respected Washington think-tank, sized up the shortage and the problems caused by it in a study for Intel that surveyed hundreds of IT managers and professionals in the United States and seven other countries.

“The continued skills shortage creates tangible risks to organizations, and companies say they have already incurred damages as a result of this workforce gap,” CSIS warned in Hacking the Skills Shortage.

Indeed, simple word or rumor of a company’s IT skills shortage alone can lead to cybercriminals sniffing around. More than a third of those surveyed said “their organizations, unable to maintain adequate cybersecurity staff, have been targeted by hackers who suspect a shortage of cybersecurity skills at their organization,” CSIS said.

The survey also reported the following:

  • 25% of respondents said their companies had lost proprietary data in cyber attacks
  • 22% believed they had suffered reputational damage as the result of attacks
  • 17% said the skills shortage had reduced the ability of their company to create new products and services

CSIS said the ultimate solution to the skills shortage is to dramatically increase the number of people educated and trained as cybersecurity experts. That may sound obvious, but the report said the current educational infrastructure is incapable of turning out a much larger and steady stream of IT pros.

“Simply put, most educational institutions do not prepare students for a career in
cybersecurity. Our research suggests that cybersecurity education should start
at an early age, target a more diverse range of students, and provide hands-on
experiences and training,” CSIS said.

“Most institutions of higher education do not offer cybersecurity concentrations and do not guide graduates to cybersecurity professions,” said the report.

CSIS urged universities to work with employers and the government to craft curricula based on real-world needs. “Programs should focus on hands-on learning in the form of labs and classroom exercises to provide people with robust and practical skills in this field,” it added.

While schools and colleges develop a more robust program, employers should consider relaxing degree requirements for entry-level cybersecurity workers “and place greater stock in professional certifications and hands-on experience for evidence of suitable skills.”