A lack of skilled cybersecurity professions may soon lead to a crisis in enterprise security, according to a report released today by Tripwire Inc.

The finding comes in a survey of 336 information technology security technology professionals undertaken by Dimension Research in February. Some 80 percent of respondents say it’s becoming more difficult to find skilled cybersecurity professionals. Highlighting the rapid transformation of IT, 93 of respondents also said that the skills required to be a great security professional have changed over the past few years.

“The skills gap issue continues to worsen which is troubling, since cybersecurity threats only continue to grow,”  David Meltzer, chief technology officer at Tripwire, said in a statement. “Additionally, security teams are in search of new skillsets to deal with evolving attacks and more complex attack surfaces as they include a mix of physical, virtual, cloud, DevOps and operational technology environments. It’s becoming more difficult to maintain critical security controls and there are fewer people available to do it.”

The survey found that the crisis in security professionals is already real. About 85 percent of respondents reporting that their security teams are already understaffed, with only 1 percent believing they can manage all of their organization’s cybersecurity needs when facing a shortage of skilled workers. Nearly all the respondents said that they are either currently facing difficulty in staffing security teams because of the skills gap or can see it coming.

More than two-thirds said that they were concerned with losing the ability to stay on top of vulnerabilities, while 60 percent said they worry about being able to identify and respond to issues in a timely manner and stay on top of emerging threats. A small majority of respondents said that they fear they will lose their ability to manage and secure configurations properly in coming days and months.

“Because security teams are stretched thin, it’s going to be more important than ever to build strong partnerships,” noted Lamar Bailey, senior director of security research at Tripwire. “Organizations can collaborate with trusted vendors to take pressure off their in-house resources. Approaches could include more automation of security tasks and support through managed service to ensure that no critical security controls are dropped.”

Image: Pixabay