Most then 70% of businesses pay more than $100 000 for additional training annually to keep skills of their cybersecurity employees up to date, a recent global Kaspersky study has revealed.

However, the surveyed companies also highlighted that there was a lack of relevant courses covering new challenging spheres in the educational market and stated that training does not always bring them the expected result.

In its recent study ‘The portrait of the modern Information Security professional’, Kaspersky examined the topic of the global cybersecurity staff shortage, analysing the exact reasons businesses lack cybersecurity experts, and identifying the ways they evaluate and upskill their cybersecurity workforce.

According to the research, companies are investing significant amounts in upskilling their cybersecurity teams: 43% of organisations globally say they usually spend between $100 000 and $200 000 per year on information security courses, while 31% invest over $200 000 for training programs. The remaining 26% state they usually pay less than $100 000 for educational initiatives.

However, cybersecurity practitioners also note that the educational market is struggling to keep up with the rapidly changing industry and fail to deliver the necessary training programs on time.

Survey results for the Middle East, Turkiye, Africa (META) region shows that the scarcity of courses covering new challenging spheres (48%) was the main problem for those searching for cybersecurity training.

Fifty percent of respondents from the META region also stated that trainees tend to forget what they learned because they had no opportunity to apply newly acquired knowledge, therefore the courses were useless to them.

The need for special training pre-requisites such as coding and advanced mathematics, which were not specified at the pre-registration stage were also problematic for 37% of practitioners from the META region.

“With a constantly evolving threat landscape, businesses should continually improve the skills of their cybersecurity personnel in order to be well prepared for sophisticated cyberattacks,” comments Veniamin Levtsov, vice-president: Centre of Corporate Business Expertise at Kaspersky.

“Developing high-profile specialists within the company and building internal expertise can be an effective strategy for organisations that aim to retain existing employees and allow them to grow professionally, instead of constantly hunting for new candidates and checking their professional backgrounds and practical skills.

“For organisations served by Managed Service Providers it is also important to maintain a pretty high level of expertise internally and use the same language when discussing the scope of services and Service Level Agreement with them.”