32% of respondents say their organization has an acute shortage of application security skills. That isn't a surprise because application security is one of the most important areas of info sec that is too often overlooked. CISOs faced with a skills shortage here should look toward service providers and automated tools from O WASP or vendors such as IBM, Vera code or White Hat Security. The ESG/ISSA data reinforces my position that the cyber security skills shortage represents an existential threat. Enterprise organizations, many of those that handle our data and transactions daily, are understaffed and under-skilled.