A lack of software security training puts companies at risk

Posted by Synopsys Editorial Team on Monday, January 22nd, 2018

If you give a man a fish, you feed him for a day. But if you teach a man to fish, you feed him for life. Software security training works very similarly.

Infographic: A lack of software security training puts companies at risk

An old proverb states that if you give a man a fish, you feed him for a day; but, if you teach a man to fish, you feed him for life. Software security training aligns very well with this proverb.

The majority of developers don’t come equipped with security skills. In fact 95% of software security bugs are caused by just 19 programming flaws. And yet, only 2.8% of undergraduate computer science programs require a security course.

There also aren’t enough security pros to find and fix defects. There are over 1 million unfilled security jobs globally. 34.5% of security managers have trouble implementing security projects, owing to lack of staff expertise. 64% of companies say they struggle to train staff to manage the growing number and complexity of security tools. It even took 7% longer in 2015 than in 2011 to find the problem and fix it during a breach.

The solution? Software security training.

What does software security training do?

Software security training:

Reduces the risk of a cyber attack by up to 70%
Reduces the cost of a data breach by $8 per record, from $154 to $146
Helps retain staff. In fact, 35% of cyber security professionals say employer-supported training and certification incentivizes them to stay in their jobs

How can you prepare your team?

Anyone can drop a line and hook a single fish. But it takes expertise to manage evolving security threats. Make sure you are building security skills for the long run. The most successful training programs: