New Research Results from Omdia and Cybrary Point to Substantial ROI From Continuous Upskilling of Cybersecurity Teams.
By Kevin Hanes, CEO, Cybary
In recent years, cybersecurity has garnered a staggering amount of attention, especially with the rise of high-profile data breaches. But, we still find companies grappling with an absent plan for preparing staff to handle impending and emerging threats. A new research report developed with Omdia examines several common myths about professional cybersecurity training in the hopes of assisting practitioners and technology vendors in dispelling some of these myths and better preparing your organization for the future.
Why train cybersecurity professionals?
Let’s start with the basics. Why train cybersecurity professionals? The answer is simple: management sees that better security results and risk mitigation are required. Training also develops skills that help organizations prevent or respond to cybersecurity incidents on the horizon or that may emerge down the road. In fact, in the 2022 Dark Reading Decision Maker’s Survey (in which Omdia participated), 47% of cybersecurity executives say that a shortage of skilled employees is an issue that adversely affects their organization.
The myth of the migrating cybersecurity professional
“Why should I train my employees when they’ll just leave for a better job?”
That’s a question we hear all the time—but our data shows that it’s not true. In fact, half of the companies in our survey reported that the availability of professional cybersecurity training reduces the likelihood that an employee will leave, with another four in ten saying that it had no noticeable impact on employee retention. A scant 11% of respondents actually reported that professional training increases the chance that a particular employee will leave (see figure 3).
The benefits of professional training are seen in the impact the employee has on the organization, in the overall risk posture of the organization, and in the costs associated with finding and retaining highly skilled employees.
Global business leaders have recognized that continuing professional cybersecurity education is critical to their success—they can’t afford not to be up-to-date with the latest security practices and trends.
The enterprise is seeing results from training
Cybersecurity professionals know that professional cybersecurity training is essential to keeping their organizations safe from hackers. But what about the larger enterprise? Are they seeing results from training?
275 executives, directors, and security professionals were surveyed about the impact of professional cybersecurity training on their organization’s cybersecurity. Findings revealed that:
- 73% said that their cybersecurity performance was more efficient because of professional cybersecurity training, and
- 62% said that their organization’s cybersecurity effectiveness had improved as a result of professional cybersecurity training.
These are both quantifiable results—things you can measure with data points—that indicate the real, measurable impact of professional cybersecurity training on the organization.
Training is improving staff turnover rates
If you’re a manager in cybersecurity, you’ve probably heard some stories about newly educated cybersecurity professionals jumping to higher-paying jobs. If you’re like most managers, you might be wondering whether training programs will have a positive or negative impact on turnover rates.
We asked our survey respondents what they thought, and their answers surprised us: almost half (48%) of those responding said that professional cybersecurity training decreases the likelihood that cybersecurity professionals will leave the organization. Another 41% said that training has no significant impact on professionals’ odds of leaving. Only 11% reported that they felt professional cybersecurity training increases the likelihood that cybersecurity professionals will leave the company.
How are companies training their employees?
In today’s increasingly complex threat landscape, adversaries are well funded and are using advanced resources to develop and evolve new threat variants. It’s more important than ever for organizations to have a comprehensive, ongoing training program in place.
To address these challenges, organizations are prioritizing allocating resources to endpoint security, data security, and secure access service edge (SASE) training. This also is followed by remote, cloud, and network security training.
Organizations are also prioritizing skills in a variety of topics to help defend against modern threats on the broad range of attack vectors. That’s why it’s so important to have a comprehensive training program in place.
Online training is becoming the preferred approach over in-person training, with 72% of SMBs, 62% of large SMBs/SMEs, and 58% of large enterprises allocating budgets for online training (see figure 5). The reason for this is simple: online training can be integrated seamlessly into an employee’s daily work tasks, reinforcing its value and making it more likely that the employee will actually learn what they’re supposed to learn.
It also helps that online training is accessible from anywhere, at any time—which makes it easier for employees to access the resources they need to stay up-to-date on their skill sets without having to take time off from work or travel long distances just to get them.
When it comes to cybersecurity training, a lot of groundless myths still persist, and are likely to help aid threat actors as they ensnare target organizations. But research and experience demonstrate that when actual results and experience are analyzed, the balance swings firmly in favor of developing an ongoing, sustained program of professional cybersecurity training.
Here are some key takeaways:
- Almost 90% of survey respondents rejected the idea that training leads to increased employee turnover.
- Cybersecurity training increases cyber teams’ effectiveness, efficiency, and overall security posture.
- Training also directly reduces the number and impact of breaches/incidents, and prepares teams to better deter, detect and address future threats.
- When implementing a training platform, it’s best to choose one with a range of cyber-focused topics to support your specific needs.
- Combine training with internal career paths to encourage employee retention and loyalty.
The cybersecurity job market is not just competitive, it’s a war zone actively competing for talent. Companies need to be able to attract and retain the best talent if they want to stay competitive in this fast-paced industry, and investments in upskilling help recognize and reward cybersecurity pros, while strengthening the organization’s security posture. Although at first look training may seem like a daunting undertaking, a world-class platform can make ongoing cybersecurity accessible, affordable and easy to implement and manage.
Seek out a cybersecurity upskilling platform that provides guided pathways, threat-informed training, and certification preparation for your team. When you equip your cybersecurity professionals – at every stage in their careers – to upskill and mitigate both current and future threats, you help your organization win both the battle for talent and the fight against attackers!
If you’re looking to make the case to prioritize training, you can download the The Myths of Training Cybersecurity Professionals report by Omdia or you can watch our on-demand webinar that reviews the key insights from Omdia’s research.
About the Author
Kevin Hanes is the chief executive officer of Cybrary and serves on its board of directors. Before joining Cybrary in June 2021, Kevin spent eight years as COO of Secureworks. In that role, he helped transform Secureworks into a recognized global market leader, built one of the world’s most respected cybersecurity operations teams, and led his organization through hyper-growth and an IPO. Kevin began his career at Dell Technologies in custom software integration and moved into leadership roles over his 15-year tenure. Kevin earned his Bachelor’s from St. Edward’s University and his Master’s at The University of Texas at Austin.
Kevin can be reached online at @cybraryIT and at our company website https://www.cybrary.it/