Subscribe
About

ITWeb, in partnership with Kaspersky, conducted a cyber security personnel shortage survey during November / December 2022.

The objective of the survey was to find out whether South African businesses are experiencing a security skills shortage and if it would benefit them to expand their cyber security team.

A total of 96 responses were captured, with more than half (57%) of respondents being at executive or middle management level. When it comes to the size of the companies represented, there is an even split between those with under 500 employees (50%) and those with over 500 people, including large multinationals (50%). While 36% of respondents came from the IT sector, the remaining 64% come from a wide range of major industry sectors, with finance, government and telecoms being the best represented.

Here are some of the key findings:

  1. Over the next 12 months, organisations are most likely to make a monetary investment in cyber security (51%), new product development (40%), and software (33%). Other notable area where companies will be spending money are education & training (28%) and task automation (19%).
  2. Asked who is involved in managing IT within their organisation, the majority of the respondents said they have a specialist internal IT staff (74%), while 33% have an internal security operations centre (SOC).
  3. Furthermore, 28% of the respondents said their company have outsourced the IT management function to an IT support company, and 21% to a managed services provider.
  4. The information security function is managed by either a dedicated role or department (45%) or as part of the IT function overall (46%).
  5. More than half of the respondents (55%) indicated their business is definitely experiencing a cyber security skills shortage, and only 13% said NO.
  6. When asked if their organisation had experienced cyber security incidents in the past 24 months, 44% said YES. Nearly a third (39%) were not sure, while over one in four (26%) said NO.
  7. In most cases, the steps taken after these incidents include introducing additional security policies or requirements (52%), IT team seeking external IT security expert advice (29%) and conducting training for IT personnel and staff (27%).
  8. An overwhelming majority (87%) have heard of cyber security incidents in other organisations within their industry.
  9. The majority (74%) believe it could benefit their business to expand its cyber security team when there's a need for additional experience and protection.

Share