That is what one cybersecurity firm’s survey on training budgets and talent shortages is pointing to

In a recent survey of 1,012 info-security professionals from around the world*, a cybersecurity firm received data around the topic of cybersecurity training and upskilling, thereby sharing the following trend from the data.

Firstly, 43% of respondents cited their employers usually spending between US$100,000 and US$200,000 per year on information security courses, while 31% cited over $200,000. The remaining 26% cited sums of less than US$100,000.

Second, 39% of respondents cited their belief that their corporate training was not enough: they were willing to pay for additional training courses with their own money.

Third, 49% of respondents cited a “scarcity of courses covering new challenging spheres” as the main problem when searching for cybersecurity training. Some 47% of respondents stated that trainees tended to forget what they learned because they had no opportunity to apply newly-acquired knowledge, and therefore many courses were useless to them. Also, 45% cited that the need for special training pre-requisites such as coding and advanced mathematics had not been specified at the pre-registration stage for courses, thereby creating learning challenges.

According to Veniamin Levtsov, VP, Center of Corporate Business Expertise, Kaspersky, the firm that commissioned the survey: “With a constantly evolving threat landscape, businesses should continually improve the skills of their cybersecurity personnel in order to be well prepared for sophisticated cyberattacks. Developing high-profile specialists within the company and building internal expertise can be an effective strategy for organizations that aim to retain existing employees and allow them to grow professionally, instead of constantly hunting for new candidates and checking their professional backgrounds and practical skills. For organizations served by managed service providers it is also important to maintain a pretty high level of expertise internally, and use the same language when discussing the scope of services and service level agreement with them.”

* comprising the USA, DACH (Germany, Austria, Switzerland), the UK, France, Italy, Spain, Benelux (Belgium, Netherlands and Luxembourg), Brazil, Mexico, Argentina, Colombia and Chile, Saudi Arabia, UAE, Turkey, South Africa, Nigeria, Egypt, India, Japan, China, Malaysia, Singapore, Indonesia, Russia