Healthcare Information Security

Cybersecurity News

Is There a Healthcare Cybersecurity Skills Shortage?

Healthcare cybersecurity skills are essential for organizations as they implement new technologies, but a recent survey may indicate that work needs to be done.

By Elizabeth Snell

With ransomware attacks and other data security issues for healthcare organizations being regularly reported, employees with the necessary healthcare cybersecurity skills are crucial assets.

Healthcare cybersecurity skills essential for covered entities

However, if a recent survey shows a cybersecurity skills shortage, which may eventually affect the healthcare industry.

McAfee’s Hacking the Skills Shortage interviewed respondents in eight countries, including the United States, about their organization’s total cybersecurity spending, education programs, employer dynamics, and public policies.

The majority of respondents - 82 percent - reported that there was a cybersecurity skills shortage, with 76 percent saying that their government is not investing enough in cybersecurity talent.   

This can cause direct and measurable damage, according to those interviewed. One in three respondents explained that the cybersecurity skills shortage makes their organizations more desirable hacking targets. Furthermore, approximately 25 percent said insufficient cybersecurity staff strength has damaged their organization’s reputation and led directly to the loss of proprietary data through cyberattack.

“The deficit of cybersecurity talent is a challenge for every industry sector,” the report’s authors wrote. “The lack of trained personnel exacerbates the already difficult task of managing cybersecurity risks.”

In terms of affecting their organization, 35 percent of respondents said that a shortage of cybersecurity skills has led to their company being unable to maintain an adequate staff of security professionals. One-third of those surveyed said they find themselves a target for hackers because they know their cybersecurity is not strong enough.

A loss of proprietary data, reputational damage, and a reduced ability to create new IP for products and services were also top issues for organizations.

mcafee graph of cybersecurity skills shortage effects on organizations

The survey also found that there is a bit of a contradiction when it comes to cybersecurity education. While the majority of respondents agreed that a bachelor’s degree was a baseline credential for working in cybersecurity, less than one-quarter (23 percent) of respondents said that education programs are preparing individuals to enter the cybersecurity industry.

“Traditional academic institutions are the primary source of initial education and training for cybersecurity professionals, but non-traditional methods may be a better way to acquire and grow cybersecurity skills,” explained the report’s authors. “Incorporating practical learning into academic programs would better prepare cybersecurity professionals for the real world.”

mcafee graph of cybersecurity education programs

As previously mentioned, the cybersecurity skills gap is potentially affected by a lack of government investment. Just under 80 percent of respondents in the US said that they agree that their government is not investing enough in cybersecurity skills. The majority of those surveyed in other countries also agreed with the statement.

“Despite increased political engagement on cybersecurity workforce issues, however, more must be done to build the cybersecurity talent pool,” the report’s authors wrote.

mcafee graph of government investment

The report concluded that closing the cybersecurity skills gap requires countries to “develop critical technical skills, cultivate a larger and more diverse workforce, and reform education and training programs to include more hands-on learning.”

For healthcare cybersecurity skills, executive support will be essential for ensuring that the necessary steps are taking to keep data secure.

The State of Cybersecurity: Implications for 2016 report from the ISACA and RSA Conference found that more executives are viewing cybersecurity as a technical concern rather than a business issue. Furthermore, 61 percent of those surveyed reported that their organizations are increasing cybersecurity budgets in 2016.

However, 59 percent of respondents also said that less than half of their IT security job candidates were considered “qualified upon hire,” with the candidate pool lacking work experience and certifications.

Image Credit: McAfee

Dig Deeper:


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks