Lack of IT specialists: 30 percent are missing in the area of ​​cybersecurity

Share post

A survey in Germany shows that the IT skills shortage mainly affects the IT security area. Almost a third of companies complain about a lack of specialist staff for IT security, with banks and insurance companies being particularly affected. 

Efficient, well-positioned IT security is crucial for the success and competitiveness of companies. The increasing complexity of cyber threats is therefore a major challenge for companies, especially with regard to the composition of their IT teams.

There is a lack of specialists to protect the IT infrastructure

🔎 For every 100 companies, there is a 30 percent shortage of skilled workers - most of them in IT security (Image: Sophos).

Sophos' latest study on the topic of Cybersecurity-as-a-Service (CSaaS) shows that, at 29 percent, almost a third of the IT managers surveyed stated that they had too few IT employees to provide comprehensive protection for their IT systems. to ensure infrastructure. Conversely, this also means that at least 71 percent of those responsible can report that they have sufficient IT staff available. This distribution roughly describes the situation as it appears across different company sizes.

There are clear industry-specific differences in terms of the shortage of skilled workers in IT. While 43 percent of banks and 42 percent of insurance companies report such a deficiency, the proportion in the industrial sector is significantly lower at 23 percent and in retail at just nine percent. Industries with sensitive data in particular are often the target of targeted and highly specialized cyber attacks. These sectors therefore require specialized IT security personnel who, in addition to technical know-how, are also familiar with the industry-specific risks and requirements.

Most specialists are missing from IT security

🔎 Lack of skilled workers in companies: The decision-makers state that 70% of employees are wanted for IT security (Image: Sophos).

The shortage of IT employees affects many different areas of the company. In 71 percent of companies that report a shortage of skilled workers in their IT, there is a lack of employees specifically for IT security. In addition, 40 percent of companies lack employees for network administration. In more than a third (35 percent) there is also a need for experts in application development, particularly in Java and Python. It turns out that the shortage of skilled workers is not only limited to the area of ​​IT security, but extends across various IT disciplines.

The size of the IT team is a crucial factor in a company's ability to protect against cyberattacks and ensure an efficient IT infrastructure. In more than a quarter of the companies surveyed (27 percent) that have sufficient IT staff, the IT infrastructure is managed by 21 to 50 IT employees and in 24 percent by 11 to 20 IT employees. This shows – not surprisingly – that the number of employees responsible for IT tends to increase with the size of the company.

One possibility: Other ways of recruiting

Chester Wisniewski, Field CTO at Sophos, advocates making the relevant recruiting more flexible than before as a possible solution to the challenges in hiring specialist staff. "I'm not convinced the gap is as big as many studies would have us believe," he says. “I think we need to be more open-minded when it comes to hiring security professionals by increasing the diversity of our potential applicants.

I know many young people who have worked as software engineers, data protection officers or IT employees, as well as people with a social science background - all of whom are currently finding it difficult to break into the IT security industry. This is despite the fact that they have experience in other areas and training in security. Of course, already acquired professional experience in the field of IT security is important, but it currently plays a role as a high exclusion criterion that we cannot afford. People who are passionate about our work and who bring their previous experiences can enrich us and will help us close these gaps and lead to better results in the long term.”

Another solution: CSaaS – expertise from outside

An all-encompassing cybersecurity approach requires specialized IT staff to ensure the security of the IT infrastructure at all times. In the event of a shortage of IT staff, Cyber ​​Security as a Service (CSaaS) offers an efficient approach to ensuring comprehensive IT security without internal staff. Companies can benefit from the expertise of specialized security experts and protect their IT infrastructure in the best possible way. Cybersecurity as a Service (CSaaS) provides companies with the agility they need to counter diverse and ever-changing threats. With this external support, you can outsource a critical part of your cybersecurity and optimize and modernize the protection of your existing IT infrastructure.

While 35 percent of the companies surveyed in the study are currently implementing CSaaS, 46 percent are already using this service and they emphasize the positive effects: 46 percent report companies that have been confronted with cyber attacks and use cybersecurity as a service to be able to react quickly and quickly return to their normal operating processes. 45 percent each emphasize better isolation and prevention of further damage, as well as better access to specialized expertise and advanced technologies.

Background to the German study

The survey was conducted by techconsult on behalf of Sophos with 200 IT managers and decision-makers from German companies with 100 to 999 employees.

More at


About Sophos

More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.


Matching articles on the topic

IT security: NIS-2 makes it a top priority

Only in a quarter of German companies do management take responsibility for IT security. Especially in smaller companies ➡ Read more

Cyber ​​attacks increase by 104 percent in 2023

A cybersecurity company has taken a look at last year's threat landscape. The results provide crucial insights into ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Mobile spyware poses a threat to businesses

More and more people are using mobile devices both in everyday life and in companies. This also reduces the risk of “mobile ➡ Read more

Crowdsourced security pinpoints many vulnerabilities

Crowdsourced security has increased significantly in the last year. In the public sector, 151 percent more vulnerabilities were reported than in the previous year. ➡ Read more

Digital Security: Consumers trust banks the most

A digital trust survey showed that banks, healthcare and government are the most trusted by consumers. The media- ➡ Read more

Darknet job exchange: Hackers are looking for renegade insiders

The Darknet is not only an exchange for illegal goods, but also a place where hackers look for new accomplices ➡ Read more

The Terminator tool is coming back

BYOVD (Bring Your Own Vulnerable Driver) are still very popular among threat actors as EDR killers. One reason is, ➡ Read more