Many cybersecurity teams find themselves struggling to keep pace with the rapid emergence of new technologies and the complexities associated with securing their organizations against these threats. A new study highlights that one of the primary issues facing these teams is the lack of sufficient time to engage in necessary training to adequately prepare for these challenges.
The research, published by ISC2, surveyed nearly 1,000 cybersecurity leaders from large enterprises across the globe, aiming to uncover how these organizations approach training for their cybersecurity teams. The findings revealed a significant upward trend in the allocation of budgets for security training, with nearly three-quarters of respondents (73%) indicating that their organizations had increased their training budgets over the past year. This increase seems largely a reaction to the growing prevalence of new technologies and the corresponding cybersecurity challenges that come with them.
A notable concern identified in the study is the impact of artificial intelligence (AI) on cybersecurity. Approximately half of the respondents (47%) stated that AI is currently the most critical skill their organization is either addressing or plans to address through targeted training initiatives. This statistic underscores the urgent need for cybersecurity personnel to stay ahead of evolving technological trends.
Despite the increase in budgetary resources, many organizations still face significant obstacles to providing effective training and upskilling opportunities for their cybersecurity teams. A predominant issue cited by nearly all surveyed security leaders (98%) was the organization’s willingness to allow employees to take part in professional development and training during work hours. However, paradoxically, just over half of the respondents (53%) reported facing challenges that hindered them from engaging in such training activities even during dedicated time slots.
### The Struggle with Time Management
Even when organizations express support for training initiatives, practical everyday work demands often hinder employees’ ability to carve out time for professional development. Respondents identified several barriers that contribute to the difficulty of accessing training. Among these are efforts to keep training content current and relevant (cited by 45% of respondents), challenges in locating qualified trainers (39%), and a lack of enthusiastic participation from employees (37%). Additionally, some surveyed leaders (32%) noted insufficient support from management and other stakeholders as a barrier to effective training.
Interestingly, despite the overall increase in training budgets, nearly a third of cybersecurity leaders (29%) still felt constrained by budget limitations that prevented them from providing adequate and up-to-date training options for their teams.
Despite these obstacles, a majority of security leaders expressed optimism about their training programs, with many reporting that these initiatives have been extremely effective in enhancing key processes within their organizations over the past year.
### The Importance of Continuous Training
The findings from the ISC2 study stress the need for organizations to recognize that security training and upskilling programs should not be treated as one-off endeavors. As both technology and cyber threats continue to evolve, it becomes crucial for those responsible for guarding against cyber-attacks to have ongoing access to training resources and time allocated specifically for this purpose.
According to ISC2, the most effective way to ensure that cybersecurity professionals receive the necessary training is to explicitly carve out time within the work schedule, allowing employees to focus solely on training without being distracted by their usual responsibilities. The report emphasized the importance of making this commitment tangible by securing dedicated training periods, adjusting workloads, and providing managers with resources and guidance to help their teams prioritize learning experiences effectively.
“When time is built into the workday and supported by management, security teams are more likely to fully seize available training opportunities,” the report asserted.
The comprehensive insights of the ISC2 report were based on responses from 995 cybersecurity leaders from enterprises with over 5,000 employees situated in various countries, including Canada, Germany, India, Japan, the UK, and the USA. This data underscores the pressing need for organizations to reevaluate their approach to cybersecurity training and address the challenges inhibiting effective skill development. The key takeaway remains clear: continuous training is essential for comprehensive cybersecurity preparedness, and proactive steps must be taken to integrate this into daily operations.