Almost half of UK businesses believe an industry skills shortage is affecting their ability to adopt data-driven security, a study has revealed.

Nearly all (97%) of those surveyed at SecureData’s annual customer event in London said data-driven security is a prerequisite for any modern cyber security strategy.

A third said they would look to ex-hackers form the black hat community to compensate for a lack of in-house skills.

The survey also revealed that while 80% of organisations are responding to incidents in-house, only 8% feel they are equipped to produce contextual threat intelligence.

To tackle this issue, two-thirds (61%) of businesses believe outsourced skills will be needed.

>See also: What happens when the hackers get hacked: inside the hackers-for-hire business

Other prominent factors preventing organisations from adopting a data-driven approach include a lack of time and resource (67%) and c-level buy-in (25%).

Only 14% of respondents were already implementing data-driven strategies in their organisations, and none thought they didn’t have a need for it.

Despite almost all firms (92%) planning to adopt data-driven security, a third (33%) reported that implementation is still is up to year away and 36% said five years was a realistic timescale.

Etienne Greeff, CEO at SecureData, said it’s little wonder businesses are considering ex-hackers for in-house security roles.

“The IT security skills shortage isn’t a new debate,” he said, “but it has now reached a point where it’s critical for businesses to think like the bad guys to stay one step ahead.

“In a world where every business is a digital business and no industry is safe from cyber attacks, it’s unsurprising that everyone is chasing the huge benefits of smarter security.