Hiring Amid Cybersecurity’s Rapid Growth & Talent Shortage!

There are over 5.5 million cybersecurity professionals globally, as estimated by ISC2. Between 2022 and 2023 the cybersecurity workforce increased by 8%.? At the same time, there is a global deficit of 4 million cybersecurity professionals. The rise of AI has created new vulnerabilities in the IT landscape. A notable example is the recent deepfake CEO scam, where an employee in the finance department was defrauded of $25 million. This incident underscores the urgent need for robust cybersecurity measures in all organisations to protect against emerging threats.

In honour of Cybersecurity Awareness Month, we'll explore the cybersecurity market, its growth, its workforce, and the factors driving hiring trends in this edition of “The People Weekly”. As always, “The People Weekly”, an endeavour of PeopleLogic, brings trending industry insights and information first to our valued readers.

Cyber Security Market Size and Growth?

Gartner has predicted that the spending on Information security will reach $212 billion by 2025 which is an increase of 15% from 2024 where the spend will be $183.9 billion. In fact, as per Gartner, 17% of cyber attacks will involve GenAI by 2027. As LLMs are being increasingly used and more and more organisations are migrating to the cloud, the cyber security industry will see more companies adopting security measures to protect their data.

The cybersecurity market size will reach over $207.77 Billion by the end of 2024 and will grow at a CAGR of 12.63% to reach $376.55 by 2029. The Indian cybersecurity market crossed? 6 billion dollars in 2023 growing at a CAGR of 30% between 2019 - 2023.

Indian cybersecurity market growth- segment-wise

• ?As per DSCI, the Indian cyber security product market grew from USD 1.03 billion in 2019 to reach USD 3.76 billion in 2023.
• BFSI spending on cyber security increased from $518 Billion in 2019 to $1,738 Billion in 2023.
• The investment in cybersecurity in ITS/ITES grew by 36% during 2019-2023.

India's cybersecurity landscape is rapidly evolving, with a multitude of new startups emerging. There are nearly 1,408 cybersecurity startups in India as of September 2024.

Audacious Cyber Attacks and Hackers

Cybercriminals are constantly evolving their tactics, leveraging AI to launch increasingly sophisticated attacks. A recent report highlighted how AI is making it difficult for cybersecurity professionals to stay ahead.

One notable example is the impersonation of Chief Justice Chandrachud on X, a scam that targeted a Supreme Court security inspector. This incident demonstrates the growing prevalence of impersonation attacks targeting politicians, ministers, and other prominent figures.

The most common types of cyber attacks an organisation (private or public) or an individual may face are

1. Phishing?
2. Social Engineering Attacks
3. Ransomware Attacks
4. Malware & Virus Attacks
5. Denial of Service Attacks (DoS)
6. Spyware & Adware Attack?

As per Forbes , there were 2,365 cyberattacks in 2023, with 343,338,964 victims. Very recently, the Paris Olympics was subjected to 140 cyber attacks. The infamous IT outage worldwide that affected 8.5 million Microsoft Windows devices that caused widespread disruptions in airline service, banking, broadcasting, healthcare and retail industry services happened just 2 months ago. As per an IMF report in the past two decades, almost one in five reported cyber incidents have affected the global financial sector, causing $12 billion in direct losses to financial firms. A report from QBE insurance firm? predicts that organisations will be hit by 211 significant disruptive and destructive cyber attacks this year, which is double that of 2020.?

The need for cyber resilience?

By 2026, almost 75% of all organisations would have shifted to cloud platforms and so there is an increasing need for adoption of cyber security and risk management measures. As of today, sadly only 2% of businesses have implemented cyber resilience across the organisation.

?However, as per a report by PwC, 77% of organisations expect their cyber budget to increase. The top four cyber threats found most concerning — cloud-related threats (42%), hack-and-leak operations (38%), third-party breaches (35%) and attacks on connected products (33%) — are the same one's security executives feel least prepared to address.

Cyber Security Talent Landscape

In this scenario, the demand for cybersecurity professionals is ever-increasing. The question is how many more cyber security professionals are required to resist the ever-increasing cyber attacks? WEF has predicted an acute talent shortage of 85 million workers across nations by 2030. 4 million cyber security professionals are needed immediately to plug in the talent needs of the industry.?

The shortage is more pronounced in the Asia-Pacific region which requires 25 million cybersecurity workers followed by North America with a talent shortage of 522,000 workers.? This workforce shortage is most pronounced in the government, education, and healthcare sectors. Also domains like cloud security, malware analysis, and cyber threat intelligence lack specialised talent.

India, with its strong young workforce unfortunately is also facing an acute talent shortage. In the year 2023, there were around 300,000 cybersecurity professionals in India. That is around 5% of the overall global workforce. And yet, India still needs at least 8 lakhs cyber security professionals as per WEF cybersecurity head Akshay Joshi. In May 2023, 40,000 cyber jobs remained unfulfilled.?

Some of the major reasons for this shortage are?

1. Skill Gap
2. Lack of resources esp in public sector organisations and SMEs
3. Challenges in attracting, hiring, and retaining cyber specialists
4. Rapid Evolution of Cyber Security Vs Upskilling & Skill Development of the Workforce

Hiring Cyber Security Professionals

One of the major hiring challenges organisations face while hiring cybersecurity professionals is the shortage of talent. Organisation have to strategize to counter this. Some of the strategies the hiring team can adopt are?

1. Skills first approach to hiring:? Rather than focus and insist on formal education, candidates must be identified on the basis of their skills and experience. In a recent report published by LinkedIn on the cybersecurity hiring landscape, it was found that only 5% of all job postings required no formal 4 years degree. In India, a meager 0.38% of cyber security jobs require no formal education. By stressing experience and skills, organisations can attract good talent in cyber security.
2. Wider Talent Pool to include entry level professional: Often JDs for cyber security jobs are detailed and extensive requirement listings. This discourages entry-level professionals from applying. By making roles accessible to entry-level professionals and recent graduates, organisations can tap into a diverse talent base and develop these individuals through on-the-job training and mentorship programs. This approach not only addresses the skill gap but also nurtures a future-ready workforce, helping to build long-term cybersecurity resilience.
3. Invest in diversity & inclusion: Cybersecurity is a domain that faces a huge gender gap with most of the workforce being men. Women make up less than 1/3rd of the workforce globally.?
4. Professional Development Opportunities: Due to the rapid evolution in the landscape a cyber security professional has to constantly upskill oneself. Highlighting opportunities for employee development and training programs to help cybersecurity professionals stay up-to-date with the latest trends and technologies including certifications, conferences, and mentorship programs will help attract talent.
5. Allocation of sufficient recruitment budget: Competitive salary and benefits are a major attraction for any candidate. Ensuring that salary and benefits are competitive, with bonuses, flexible work hours, and perks that align with employee expectations will involve setting a sufficient budget. This warrants detailed and in-depth market research. A few best recruitment agencies in India like PeopleLogic,? do provide market intelligence to their clients to help them set the budget.?

PeopleLogic Opinion

The rise of AI and generative AI has created new opportunities and vulnerabilities. As technology advances, the risk of cyberattacks increases. Organisations must prioritise cybersecurity resilience by implementing robust measures and hiring the right talent. This requires strong leadership and innovative hiring strategies.