O’Reilly 2024 State of Security Survey reveals critical AI skills gap

Global study of over 1,300 tech professionals uncovers opportunities for enhanced security training and awareness.

  • Monday, 7th October 2024 Posted 2 months ago in by Phil Alsop

O’Reilly has released its 2024 State of Security Survey report, uncovering a stark disconnect between rapidly evolving threats and the readiness of security teams to combat them. The comprehensive study explores the current security landscape, identifies emerging threats, and assesses how organisations are adapting their security strategies and workforce development to meet these challenges.

Among the notable findings is a critical AI security skills gap: 33.9% of tech professionals report a shortage of AI security skills, particularly around emerging vulnerabilities like prompt injection. This highlights the need for specialised training as AI adoption continues to accelerate across industries.

Cloud security expertise also emerges as a significant concern. Despite cloud computing’s two-decade presence, 38.9% of respondents identified cloud security as the most significant skills shortage. This revelation underscores a lag in expertise as organisations continue their cloud migration journeys, potentially leaving them vulnerable to cloud-specific security threats.

Looking ahead, AI-enabled security tools rank as the top priority for the coming year (34.4%), with security automation following closely behind (28.2%), signalling a strong push toward automation in cybersecurity defences.

“Our global survey underscores a security landscape in flux, with critical skills gaps emerging in AI and cloud security,” said Laura Baldwin, president of O’Reilly. “As cyber threats become increasingly sophisticated, it’s clear that continuous, high-quality training is no longer optional; it’s essential for safeguarding our digital future. Organisations must prioritise ongoing up-skilling to stay ahead of evolving risks and build robust defences.”

Additional key survey findings highlight the following trends in the current security landscape:

Phishing remains top threat: In an era of sophisticated cyberattacks, 55.4% of respondents still cite phishing as the primary security concern, followed by network intrusion (39.9%) and ransomware (35.1%). The persistence of a “low-tech” threat emphasises the critical need for comprehensive employee training.

Security measures implemented: A majority (88.1%) of tech professionals have adopted multi-factor authentication, 60.1% have implemented endpoint security, and 49.2% have adopted a zero trust model.

Certification gap: Despite 51.3% of companies requiring certifications for hiring, 40.8% of security team members remain uncertified. This gap is pronounced among incident responders (70% uncertified) but less so for CISOs (33.3% uncertified), highlighting varying certification cultures across security roles. CISSP and CompTIA Security+ are the most required and desired credentials.

Continuous learning imperative: 80.7% of employers mandate continuing education for security professionals, with 32.2% requiring 41 or more hours annually. This emphasis on ongoing training reflects the rapidly changing threat landscape.

Ongoing training needs: Security professionals emphasise the importance of continuous learning, utilising online courses (88.8%), books (76.6%), and videos (75.2%) to stay updated on best practices and emerging threats.

The survey also found that better security awareness training for all employees (40.1%) was identified as the most crucial step in improving an organisation’s security posture, outranking additional staffing and better security tools.

“Our survey reveals a seismic shift in the security landscape—it’s no longer just an IT concern, but a company-wide imperative,” said Baldwin. “While certifications like CISSP remain crucial, we’re seeing critical skills gaps in cloud and AI security. To truly safeguard our digital future, we need high-quality, continuous learning that goes beyond exam preparation and empowers every employee to be a frontline defender against evolving threats.”

Beacon, NY, Dec 20, 2024– DocuWare unveils its AI-powered Intelligent Document Processing (DocuWare IDP), bringing about unprecedented improvements...
85% of IT decision makers surveyed reported progress in their companies’ 2024 AI strategy, with 47% saying they have already achieved positive ROI.

MSPs will invest in more AI security forecasting

Posted 6 days ago by Phil Alsop
Predictive maintenance and forecasting for security and failures will be a growing area for MSPs with an interest in security, says Nicole Reineke,...

Machine identities next big target for cyberattacks

Posted 1 week ago by Phil Alsop
Venafi has published the findings of its latest research report: The Impact of Machine Identities on the State of Cloud Native Security in 2024....
Nearly 50% of organisations have experienced a security breach in the last two years.

IT professionals recognise lack of gender diversity

Posted 1 week ago by Phil Alsop
The majority (87 percent) of IT professionals agree that there is a lack of gender diversity in the sector, yet less than half (41 percent) of...

A moving landscape for MSPs

Posted 1 week ago by Phil Alsop
2025 predictions from Ranjan Singh, chief product officer at Kaseya.

Data breach epidemic takes its toll

Posted 1 week ago by Phil Alsop
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t getting adequate time to relax.