Recruiting (46%), retention (42%) and skill set gaps with existing staff are top three issues impacting staff effectiveness, finds Symantec survey
Staffing is a major issue limiting IT security’s effectiveness for most enterprises, according to computer security company Symantec.
In the findings of its 2011 Threat Management Survey, which examined the concerns and challenges IT security organisations.
The survey found that most enterprises are not confident in their security posture and that staffing is a major issue limiting IT security’s effectiveness.
The Threat Management Survey also found that 46% of those who lacked confidence indicated insufficient security staff was a top factor. A similar number (45%) said a lack of time to respond to new threats for their existing staff.
Th survey also found that overall, 43% of organisations worldwide reported they are somewhat or extremely understaffed. In North America, respondents were much more likely to report understaffing, with 53% reporting staffing challenges.
In the survey, those who lack confidence in their ability to respond to threats also reported issues with staff effectiveness. Sixty-six percent rate their staff as less than effective and only 4% rate their staff as completely effective, said Symantec.
The top three issues impacting staff effectiveness were recruiting (46%), retention (42%) and skill set gaps with existing staff (35%). Symantec said that the findings suggest that effectiveness is linked to both staffing levels as well as staff experience and skill set.
Symantec Threat and Risk Management group product marketing director David Dorosin said that although organisations are more concerned than ever about keeping up with the evolving threat environment, many still fall short of achieving high confidence in their security posture.
Dorosin said, "Effective threat management requires advanced technology for enterprise visibility and the correlation and analysis of security data, but our research shows that the human element is often the limiting factor for enterprise threat management teams."