the current state of cybersecurityJP Morgan Chase, Target, Sony, T-Mobile… This is just a small handful of household-name companies that have headlined in recent years thanks to cyberattacks. But they’re far from being alone. Recent surveys show that 82% of organizations are concerned about cybersecurity in their business environment, while 74% expect to have experienced a cyberattack by the end of 2016. That threat, in a nutshell, represents the current state of cybersecurity.

Theft, corruption, hacking and malicious code have a deep impact on any organization, resulting not only in loss or damage of records and intellectual property, but also in compromised brand reputation, lost customers, legal action, and major monetary losses.  Everyone is familiar with cyber risk, even if they don’t understand the full implication of the severity of the matter. And yet, these attacks keep happening, implying that more companies need to take proactive measures in protecting themselves against cyber threats.

The Current State of CyberSecurity

Larger organizations have more complex supply chains and digital infrastructures, which present more potential doors for hackers to sneak inside. But those multi-national, billion-dollar organizations aren’t the only targets of cybersecurity threat, even if they are the only ones making headlines.

Cloud migration, mobile adoption, the Internet of Things, and more have been the catalyst for massive digital transformation across every industry vertical. These trends have allowed companies to optimize their processes for greater efficiencies and, consequently, achieve significant business growth.

But the cold truth is that information security has struggled to keep pace with this digital shift. Creating a holistic strategy for cybersecurity involves many heads and multiple tools. This level of commitment is difficult to meet, which is why, according to a PWC survey, only 57% of companies have an overall security strategy and just 49% conduct regular threat assessments. These statistics alone help explain why there were 38% more security incidents last year than the previous year, leading to monetary losses ranging from $50,000 to more than $10 Million.

The Growing Shortage of CyberSecurity Talent

At the heart of the problem lies a lack of qualified cybersecurity professionals who can bring companies up to speed. The ISACA, a security-focused nonprofit association, reports than more than half of all companies they surveyed take 3-6 months to fill their cybersecurity positions. That vacancy duration is more than triple the average time-to-fill ratio, which puts massive pressure on hiring managers and leaves a company’s cyber risk largely unaddressed.

Furthermore, 60% of those companies said that less than half of their cybersecurity candidates were actually qualified in the required skillsets. And what those applicants lacked in technical skills was compounded upon by a lack of business savvy and appropriate communication skills.

Part of the reason behind this challenge is simply that demand has risen faster than the supply can respond. The BLS reports a 53% growth in demand for information security professionals through 2018, and IT security jobs will continue to grow at a rate of 18% through 2014. In order to fill this need, experts in the industry say that there must be an increase in educational initiatives so that more people are attracted to the field.

Another line of reasoning behind the proposed shortage, however, is that there isn’t a shortage at all but simply a problem of budgetary restrictions. Because cybersecurity is such a vital need in today’s business environment, the competition for talent to address that need is high. Predictably, high competition leads to high salaries (check out our 2016 IT salary guides to find the average tech salary for cyber professionals in your city), but an Accenture study shows that 42% of business executives believe their security budgets only cover the cost of technology, not of hiring and training new team members.

When 76% of those surveyed by Accenture believe they need improvement in their abilities to conduct threat and vulnerability assessments, it’s clear that hiring and training is vital to an improved state of cybersecurity.

Building A Recruitment Strategy That Aligns with the State of Cybersecurity

As companies continue to shift from legacy technologies to cutting edge digital infrastructures and tools, executives must adopt a security-first approach in order to protect against increasingly sophisticated cyber risk. Thus, recognizing the need for qualified talent who can lead that approach is vital, and continuous training programs for existing talent is equally important.

If you’re one of the 82% who are concerned about cyberattacks to your company, let us know. At MDI, our network of IT talent includes highly competent security professionals who we’d love to introduce to you. Reach out today.

Shannon VolkShannon Volk is the Managing Director, Phoenix of MDI Group.  If you are interested in learning more about how to justify hiring the best IT talent, contact Shannon directly at, or call us 888-416-7949.  MDI Group has offices and specializes in recruiting IT talent in Atlanta, Austin, Charlotte, Dallas/Fort Worth, Greenville and Phoenix.