PRESSR: Companies invest more than 100.000$ yearly to upskill their cybersecurity teams

Over 70% of businesses pay more than 100.000$ for additional training annually to keep skills of their cybersecurity employees up to date, a recent Kaspersky study has revealed. However, the surveyed companies also highlighted that there was a lack of relevant courses covering new challenging spheres in the educational market, and stated that training does not always bring them the expected result.

In its recent study ‘The portrait of the modern Information Security professional,’ Kaspersky examined the topic of the global cybersecurity staff shortage, analyzing the exact reasons businesses lack cybersecurity experts, and identifying the ways they evaluate and upskill their cybersecurity workforce.

According to the research, companies are investing significant amounts in upskilling their cybersecurity teams: 43% of organizations say they usually spend between $100,000 and $200,000 per year on information security courses, while 31% even invest over $200,000 for training programs. The remaining 26% state they usually pay less than $100,000 for educational initiatives.

However, cybersecurity practitioners in the META region also note that the educational market is struggling to keep up with the rapidly-changing industry and fail to deliver the necessary training programs on time. The research shows that the scarcity of courses covering new challenging spheres (48%) was the main problem for those searching for cybersecurity training.

50% of respondents also stated that trainees tend to forget what they learned because they had no opportunity to apply newly-acquired knowledge, therefore the courses were useless to them. The need for special training pre-requisites such as coding and advanced mathematics, which were not specified at the pre-registration stage were also problematic for 37% of practitioners.

META stats for localizing the graph

It’s difficult to select courses which are in line with the organization's needs


It is difficult to assess the effectiveness of the courses


There is misconception related to pre-requisite criteria to apply for courses


People tend to forget what they learned if there is no practical implementation


There is lack of courses covering new challenging spheres


With a constantly evolving threat landscape, businesses should continually improve the skills of their cybersecurity personnel in order to be well prepared for sophisticated cyberattacks. Developing high-profile specialists within the company and building internal expertise can be an effective strategy for organizations that aim to retain existing employees and allow them to grow professionally, instead of constantly hunting for new candidates and checking their professional backgrounds and practical skills. For organizations served by Managed Service Providers it is also important to maintain a pretty high level of expertise internally and use the same language when discussing the scope of services and Service Level Agreement with them,” comments Veniamin Levtsov, VP, Center of Corporate Business Expertise at Kaspersky.

To effectively upskill cybersecurity teams, Kaspersky experts recommend the following:

  • Invest in quality cybersecurity courses for the staff to keep them up to date with the latest knowledge. With practically oriented Kaspersky Expert training, InfoSec professionals can advance their hard skills so they can defend their companies against attacks.
  • Use interactive simulators to test employees’ expertise and assess the way they think in critical situations. For instance, with the new Kaspersky interactive ransomware game they can observe the way the company’s IT department deploys, investigates and responds to an attack, and makes vital decisions with the game’s main character.
  • Provide your InfoSec professionals with in-depth visibility into cyberthreats targeting your organization. The latest Threat Intelligence will supply them with a rich and meaningful overview across the entire incident management cycle and help to identify cyber risks in time.

The full report with more findings on the global shortfall of qualified InfoSec professionals is available via the link.


About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at

Send us your press releases to

© Press Release 2024

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.

Login or create a forever free account to read this news