In the wake of the COVID-19 pandemic, most organizations are relying more than ever on digital channels to establish and maintain relationships with customers. Regardless of when or if the pandemic subsides, more people are deciding they don’t need to physically visit a store to buy something or take a meeting in an office to close a deal.
As end-users become more adjusted to this new way of doing business, a survey of 2,500 consumers published by PCI Pal, a provider of payment solutions, suggests they are also becoming a lot less tolerant of organizations that have a data breach. The survey finds more than two-thirds of Americans (64%) and Canadians (68%) would avoid buying from a company that had suffered a COVID-19-related data breach for up to several years. Another 17 percent of Americans and 24 percent of Canadians said they would never return to doing business with that organization again.
Continuing struggles with cybersecurity staffing
Unfortunately, just as people become less forgiving when it comes to data breaches, far too many organizations continue to have major challenges finding cybersecurity expertise. A global survey of 295 cybersecurity professionals published by Exabeam, a provider of a security information event management (SIEM) platform, finds 40 percent of respondents said their organization struggles with cybersecurity staffing.
The survey finds organizations continue to find it difficult to both identify candidates with the right expertise and retain them once they do find them. Benefits, wages, and a positive culture are, not surprisingly, all viewed as the top drivers of retention. Two-thirds of cybersecurity professionals, however, also cited a lack of a defined career path as a reason for leaving their job.
If cybersecurity staff turnover rates are high, the chances an organization will experience a data breach rise considerably. There’s no such thing as perfect security, so mistakes will always be made. However, if the cybersecurity team lacks experience, it’s less likely to prevent or even mitigate a data breach.
Lack of experience and training
The inconvenient truth is far too many organizations are overly dependent on cybersecurity staff that lack experience. Everyone on the cybersecurity staff may have a cybersecurity certificate, but not all certifications are created equal or, for that matter, especially relevant. The nature of the cybersecurity threats organizations face continually evolves. Hands-on experience is always going to be crucial. It just takes too long for that level of expertise to be achieved.
There may not even be a real shortage of cybersecurity professionals. There is, however, clearly a shortage of cybersecurity professionals capable of mitigating threats before irreparable harm is inflicted. Much of what passes for cybersecurity training today is inadequate for the task at hand. If the global economy is about to become more dependent on digital processes than ever, cybersecurity teams are going to be required to up their game considerably. That’s not going to happen if well-meaning individuals that just received a newly minted certificate are continually sent to the front line.
That doesn’t mean individuals shouldn’t be encouraged to enter the field. However, the only thing that now stands between most organizations and a customer that may disappear forever is the quality of the training being provided to the cybersecurity team. It’s time to recognize the current quality of that cybersecurity training simply doesn’t bode well for the future economic prosperity of most organizations.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.