O’Reilly 2024 State of Security Survey reveals critical AI skills gap

Global study of over 1,300 tech professionals uncovers opportunities for enhanced security training and awareness.

  • Monday, 7th October 2024 Posted 1 month ago in by Phil Alsop

O’Reilly has released its 2024 State of Security Survey report, uncovering a stark disconnect between rapidly evolving threats and the readiness of security teams to combat them. The comprehensive study explores the current security landscape, identifies emerging threats, and assesses how organisations are adapting their security strategies and workforce development to meet these challenges.

Among the notable findings is a critical AI security skills gap: 33.9% of tech professionals report a shortage of AI security skills, particularly around emerging vulnerabilities like prompt injection. This highlights the need for specialised training as AI adoption continues to accelerate across industries.

Cloud security expertise also emerges as a significant concern. Despite cloud computing’s two-decade presence, 38.9% of respondents identified cloud security as the most significant skills shortage. This revelation underscores a lag in expertise as organisations continue their cloud migration journeys, potentially leaving them vulnerable to cloud-specific security threats.

Looking ahead, AI-enabled security tools rank as the top priority for the coming year (34.4%), with security automation following closely behind (28.2%), signalling a strong push toward automation in cybersecurity defences.

“Our global survey underscores a security landscape in flux, with critical skills gaps emerging in AI and cloud security,” said Laura Baldwin, president of O’Reilly. “As cyber threats become increasingly sophisticated, it’s clear that continuous, high-quality training is no longer optional; it’s essential for safeguarding our digital future. Organisations must prioritise ongoing up-skilling to stay ahead of evolving risks and build robust defences.”

Additional key survey findings highlight the following trends in the current security landscape:

Phishing remains top threat: In an era of sophisticated cyberattacks, 55.4% of respondents still cite phishing as the primary security concern, followed by network intrusion (39.9%) and ransomware (35.1%). The persistence of a “low-tech” threat emphasises the critical need for comprehensive employee training.

Security measures implemented: A majority (88.1%) of tech professionals have adopted multi-factor authentication, 60.1% have implemented endpoint security, and 49.2% have adopted a zero trust model.

Certification gap: Despite 51.3% of companies requiring certifications for hiring, 40.8% of security team members remain uncertified. This gap is pronounced among incident responders (70% uncertified) but less so for CISOs (33.3% uncertified), highlighting varying certification cultures across security roles. CISSP and CompTIA Security+ are the most required and desired credentials.

Continuous learning imperative: 80.7% of employers mandate continuing education for security professionals, with 32.2% requiring 41 or more hours annually. This emphasis on ongoing training reflects the rapidly changing threat landscape.

Ongoing training needs: Security professionals emphasise the importance of continuous learning, utilising online courses (88.8%), books (76.6%), and videos (75.2%) to stay updated on best practices and emerging threats.

The survey also found that better security awareness training for all employees (40.1%) was identified as the most crucial step in improving an organisation’s security posture, outranking additional staffing and better security tools.

“Our survey reveals a seismic shift in the security landscape—it’s no longer just an IT concern, but a company-wide imperative,” said Baldwin. “While certifications like CISSP remain crucial, we’re seeing critical skills gaps in cloud and AI security. To truly safeguard our digital future, we need high-quality, continuous learning that goes beyond exam preparation and empowers every employee to be a frontline defender against evolving threats.”

The promise of AI is on every biopharma’s radar, but the reality today is that much of the industry is grappling with how to convert the hype into...
IT teams urged to resolve ‘data delays’ as UK executives struggle to access and use relevant business data.

‘Playtime is over’ for GenAI

Posted 4 days ago by Phil Alsop
NTT DATA research shows organizations shifting from experiments to investments that drive performance.

GenAI not production-ready?

Posted 4 days ago by Phil Alsop
Architectural challenges are holding UK organisations back - with just 24% citing having sufficient governance to implement GenAI.

AI tops decision-makers' priorities

Posted 4 days ago by Phil Alsop
Skillsoft has released its 2024 IT Skills and Salary Report. Based on insights from more than 5,100 global IT decision-makers and professionals, the...

The state of cloud ransomware in 2024

Posted 4 days ago by Phil Alsop
Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security realm.
Talent and training partner, mthree, which supports major global tech, banking, and business clients to build job-ready teams, has revealed the...

AI innovation is powering the Net Zero transition

Posted 4 days ago by Phil Alsop
Whilst overall AI patent filings have slowed, green AI patent publications grew 35% in 2023.