Companies invest more than $100,000 a year to improve their cybersecurity equipment

However, Kaspersky’s study also reveals a large gap in courses that cover new challenging areas or develop practical skills.

More than 70% of companies annually spend more than $100,000 in additional training to keep their employees’ knowledge of cybersecurity up to date, according to Kaspersky’s study, ‘The portrait of modern information security professional’. However, the companies surveyed also highlighted the lack of outstanding courses to keep the knowledge and skills of professionals in the sector up to date. In Latin America, 51% of professionals are willing to pay additional training courses with their own money to remain competitive in the market.

In his study, Kaspersky examined the global shortage of cybersecurity personnel, analysing why companies lack cybersecurity expertise and evaluating staff knowledge. According to global research, companies are investing significant amounts in improving the ratings of their cybersecurity teams. Forty-three per cent of the organizations state that they typically spend between $100,000 and $200,000 per year on information security courses, while 31 per cent invest more than $200,000 in training programmes. The remaining 26 per cent state that they usually pay less than $100,000 in educational initiatives.

The research also revealed that, in Latin America, many cybersecurity professionals (51%) believe that corporate training is not enough and are willing to pay additional training courses with their own money to remain competitive in the market and keep their knowledge and skills updated. However, these professionals also point out that the training sector is striving to keep pace with a constantly evolving industry, but is unable to provide the necessary programmes in time. In fact, the study shows that this shortage of courses was the main problem for Latin Americans seeking training in cybersecurity and new challenging areas (50%).

For their part, 38% of Latin American respondents highlight the need for special prerequisites for training, such as coding and advanced mathematics, which they do not specify at the pre-registration stage. In addition, another 43% say that people tend to forget what they have learned because they do not have the opportunity to apply the knowledge they have acquired in practice, so the courses do not serve them.

“With a constantly evolving threat landscape, companies must continuously improve the skills of their cybersecurity personnel to be well prepared for sophisticated cyberattacks. The development of high-profile specialists within the company and the creation of internal experience can result in an effective strategy for organizations that intend to retain existing employees and allow them to grow professionally, instead of constantly looking for new candidates and checking their professional background and practical skills,” says Veniamin Levtsov, vice president of the Kaspersky Corporate Business Experience Center.

And he added: “As for organizations served by Managed Service Providers, it is also important to maintain a fairly high level of experience internally and use the same language when discussing the scope of services and the Service Level Agreement with them”.

To effectively upgrade cybersecurity equipment, Kaspersky experts recommend:

  • Invest in quality cybersecurity courses for staff to keep them up to date with the latest cybersecurity updates and insights. With Kaspersky Expert training, InfoSec professionals can advance and improve their skills, as well as defend companies from possible attacks.
  • Use interactive simulators to test employees’ knowledge and assess their thinking in critical situations. For example, with the new Kaspersky interactive ransomware game, professionals can see how the company’s IT department deploys, investigates and responds to an attack and makes vital decisions with the main character of the game.
  • Provide InfoSec’s team of professionals with in-depth visibility into cyber threats directed at the organization. Kaspersky Threat Intelligence will provide a meaningful insight throughout the incident management cycle and help identify cyber risks in time.

The full report with further conclusions on the global shortage of qualified InfoSec professionals is available through the link.