O’Reilly, the premier source for insight-driven learning on technology and business, released its 2024 State of Security Survey report, uncovering a stark disconnect between rapidly evolving threats and the readiness of security teams to combat them. The comprehensive study explores the current security landscape, identifies emerging threats, and assesses how organizations are adapting their security strategies and workforce development to meet these challenges.
Among the notable findings is a critical AI security skills gap: 33.9% of tech professionals report a shortage of AI security skills, particularly around emerging vulnerabilities like prompt injection. This highlights the need for specialized training as AI adoption continues to accelerate across industries.
Cloud security expertise also emerges as a significant concern. Despite cloud computing’s two-decade presence, 38.9% of respondents identified cloud security as the most significant skills shortage. This revelation underscores a lag in expertise as organizations continue their cloud migration journeys, potentially leaving them vulnerable to cloud-specific security threats.
Looking ahead, AI-enabled security tools rank as the top priority for the coming year (34.4%), with security automation following closely behind (28.2%), signaling a strong push toward automation in cybersecurity defenses.
“Our global survey underscores a security landscape in flux, with critical skills gaps emerging in AI and cloud security,” said Laura Baldwin, president of O’Reilly. “As cyber threats become increasingly sophisticated, it’s clear that continuous, high-quality training is no longer optional; it’s essential for safeguarding our digital future. Organizations must prioritize ongoing upskilling to stay ahead of evolving risks and build robust defenses.”
Additional key survey findings highlight the following trends in the current security landscape:
- Phishing remains top threat: In an era of sophisticated cyberattacks, 55.4% of respondents still cite phishing as the primary security concern, followed by network intrusion (39.9%) and ransomware (35.1%). The persistence of a “low-tech” threat emphasizes the critical need for comprehensive employee training.
- Security measures implemented: A majority (88.1%) of tech professionals have adopted multifactor authentication, 60.1% have implemented endpoint security, and 49.2% have adopted a zero trust model.
- Certification gap: Despite 51.3% of companies requiring certifications for hiring, 40.8% of security team members remain uncertified. This gap is pronounced among incident responders (70% uncertified) but less so for CISOs (33.3% uncertified), highlighting varying certification cultures across security roles. CISSP and CompTIA Security+ are the most required and desired credentials.
- Continuous learning imperative: 80.7% of employers mandate continuing education for security professionals, with 32.2% requiring 41 or more hours annually. This emphasis on ongoing training reflects the rapidly changing threat landscape.
- Ongoing training needs: Security professionals emphasize the importance of continuous learning, utilizing online courses (88.8%), books (76.6%), and videos (75.2%) to stay updated on best practices and emerging threats.
The survey also found that better security awareness training for all employees (40.1%) was identified as the most crucial step in improving an organization’s security posture, outranking additional staffing and better security tools.
“Our survey reveals a seismic shift in the security landscape—it’s no longer just an IT concern, but a company-wide imperative,” said Baldwin. “While certifications like CISSP remain crucial, we’re seeing critical skills gaps in cloud and AI security. To truly safeguard our digital future, we need high-quality, continuous learning that goes beyond exam preparation and empowers every employee to be a frontline defender against evolving threats.”
Explore HRTech News for the latest Tech Trends in Huma Resources Technology.