The high turnover of the best IT experts in companies weakens information security

Four-fifths of IT professionals with high expertise remain employed by a medium-sized Finnish company for a maximum of one year. This is clear from a recent study by the IT service company Advania. According to the study, rapid turnover raises almost as much concern about information security as cyber threats. The results also reveal that, as a result of the skills gap, a large number of companies are unable to utilize artificial intelligence.

The survey of medium-sized companies highlights several problems, especially in the area of cyber security. The duration of the employment relationships of top experts is alarmingly short, important security updates are omitted and the costs of information security problems are believed to be the responsibility of others.

The lack of IT expertise has led to technology choices that do not enable achieving the business benefits of artificial intelligence (AI). Companies also suffer from the inability to identify AI use cases in their own business. For example, four out of five do not see opportunities in artificial intelligence to improve productivity.

Only three percent of medium-sized companies have managed to keep top IT experts in their service for more than two years. A third of the companies say that the high turnover of top talent is the biggest single reason that makes the long-term development of cyber security difficult.

"Such a high turnover inevitably leads to problems. The result is discontinuity in the management and development of the company's cyber security and in the transfer of internal information. In addition, it will be difficult to name those responsible for cyber security," says Janne Herkama, director of Advania's IT infrastructure business area.

Despite the talent problem, 36 percent of companies claim to develop their cyber strategy internally, fully confident in its effectiveness. Only one in four asks for advice from external experts.

Many stumble in the basics of cyber security

Just under two-thirds of medium-sized companies say they provide different cybersecurity information internally at least quarterly. Still, companies fail in practical implementation in many ways.

Two-thirds of companies neglect regular security updates. The parties generally do not keep the basics of cyber security up to date. More than a third wait for bugs and disruptions before starting to solve them.

At the same time, companies say that the factor leading to IT outsourcing is the lack of internal expertise. On the other hand, medium-sized companies in Finland feel that they are underserved by large technology suppliers the most in the entire northern European region.

"Security threats are constantly evolving, and mid-sized companies are vulnerable due to limited resources and outdated security practices. The best way for companies to avoid unpleasant consequences is to acquire an IT service partner that always stays up to date and has a moderate turnover of experts. This brings vital stability, which protects against possible risks and improves the level of information security anyway," says Janne Herkama.

More than half of medium-sized companies estimate that their cyber strategy is primarily a concern for someone else, usually an IT service provider. Companies mistakenly assume that the cloud service provider is responsible for the costs of data recovery caused by an attack.

Medium-sized companies need better service in IT solutions

As many as 43% of Finnish IT decision-makers say that they do not get solutions that suit their needs from large technology companies. In the study, they said that they have to make decisions between ill-suited ready-made solutions and expensive tailor-made solutions, often without receiving services that meet their needs. Medium-sized companies need a stronger service to get the benefits they want from technology solutions.

Key findings of Advania's mid-sized enterprise cyber security study:

• 34% consider IT staff turnover to be the biggest discontinuity factor in their cyber security strategy.
• 3% have been able to keep IT staff with high expertise for more than 2 years.
• 63% of companies do not make regular information security updates.
• 52% do not keep the basics of cyber security up to date.
• In 40% of companies, lack of internal competence is the main reason leading to IT outsourcing.
• 34% of companies wait for bugs and disruptions before solving them
• 60% of companies say they provide cybersecurity information at least quarterly.
• 82% of companies do not recognize artificial intelligence as an opportunity to improve productivity.
• In 46% of companies, insufficient competence has led to technology choices that do not enable the benefits of artificial intelligence.
• 36% of companies develop their cyber strategy internally with full confidence in its effectiveness, and only one in four seek advice from external experts.

The survey was conducted in November 2023 by the independent research company Censuswide in Finland, Great Britain, Sweden, Denmark, Norway and Iceland. A total of 968 decision-makers in medium-sized companies responded to the survey. There were 67 respondents from Finland. In all countries, companies belonging to the size category suffer from similar problems.

More info:

Aino von Bonin
Marketing and Communications Director, Advania Finland
+358 400 753 808
aino.vonbonin@advania.com