None of the top 10 U.S. computer science programs at American universities require a single course in cybersecurity before graduation, signaling a dearth of proper training for the next generation of IT administrators and developers.

The statistic comes via an independent study of 121 universities commissioned by CloudPassage, a company specializing in cloud infrastructure security solutions.

In fact, the only school out of the top 36-ranked computer science undergraduate programs in the country to require a cybersecurity course was the University of Michigan, which ranked in 12^th on last year’s study, according to the report.

Furthermore, 3 out of the top 10 computer science programs don’t even offer a cybersecurity class as an elective, the study found.

Rochester University offers the most cybersecurity electives of any computer science program in the country, with 10 available security electives. The University of Alabama is the only school to require three or more cybersecurity classes for an information systems or computer science degree.

CloudPassage CEO Robert Thomas said cybersecurity automation will only go so far in preventing the next major cyberattack – the long-term solution will be in educating IT professionals to identify these threats so they can develop more secure code.

“I wish I could say these results are shocking, but they’re not,” said Thomas, in a statement. “With more than 200,000 open cybersecurity jobs in 2015 in the U.S. alone and the number of threat surfaces exponentially increasing, there’s a growing skills gap between the bad actors and the good guys. It’s not good enough to tack cybersecurity on as an afterthought anymore. This is especially true as more smart devices become Internet accessible and therefore potential avenues for threats.”

All of the schools studied were taken from three 2015 rankings, including U.S. News and World Report’s Best Global Universities for Computer Science, Business Insider’s Top 50 best computer-science and engineering schools in America and QS World University Rankings 2015 – Computer Science & Information.

These figures are especially worrying to members of the channel community because a lack of educated professionals could potentially lead to lost revenue or customer dissatisfaction because of unforeseen security breaches. Currently, the average cost of a cyberattacks is $551,000 for enterprises and $38,000 for small businesses, according to Kaspersky Lab’s 2015 IT Security Risks Survey. And with the number of new malicious software created increasing monthly, channel companies need to take every precaution necessary to ensure that their customers’ sensitive data remains safe.

Check out CloudPassage’s official infographic for more details: