Why The Cyber Security Skills Gap Continues To Widen
There’s no doubt about the importance of ensuring your company has the right cybersecurity measures in place. But it’s not easy, especially given how quickly (and sophisticatedly) malicious attacks can be launched today.
While relying on the experts to support and safeguard your systems is a must, it is becoming increasingly difficult to source them thanks to a global cybersecurity skills shortage. Let’s take a closer look at the problem, the reasons behind it, along with some possible solutions.
The Problem
According to a study commissioned by the International Information System Security Certification Consortium, November 2019 saw approximately 2.8 million security professionals employed worldwide, along with an estimated need for a further four million trained professionals to close the cybersecurity skills gap.
In the same survey, 65% of organisations surveyed said they experienced a shortage of cybersecurity employees, while another study carried out by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) in July 2020 found that 45% of respondents believed the skills shortage had gotten worse this year. A mere 7% felt there’s been an improvement.
While the obvious consequence of this cybersecurity skills shortage is a rise in malicious attacks, it also places immense pressure on those specialists already in the job, with increased workloads and falling productivity.
As companies continue to struggle to fill those vital open roles, they may also miss out on the chance to fully realise the potential of the upgraded security technology they’ve invested in.
Some Reasons Behind The Skills Shortage
There are a host of reasons for the current cybersecurity skills shortage, but according to the studies mentioned, the three most prominent appear to be:
1. A Lack Of Career Development And Training
Cybersecurity employee respondents in the ESA and ISSA study felt the industry at large provides no clear career map. As a result, many cybersecurity employees tend to flit from one job to another without much professional support or direction. The consequence is they often find it difficult to hone their skillset in a logical and methodical way.
Unfortunately, this appears to go hand in hand with the fact that many companies are reluctant to invest in adequate amounts of cybersecurity training (almost 65% of respondents in the ESA and ISSA survey said their organisations do not train their cybersecurity professionals).
2. The Experience Paradox
To be a successful cybersecurity specialist requires hands-on experience. But it’s quite difficult to do without holding the role in the first place! When you consider that experts in the field believe it takes between three to five years to gain the right proficiency, it’s not surprising there is a skills shortage.
3. Not Enough Knowledge About The Importance Of Cybersecurity Specialists
Across the board, there seems to be a lack of top-down strategic planning around cybersecurity specialists within an organisation. Many businesses do not seem to fully understand the role these experts play, leaving them floundering without the right resources and support to get their job done properly.
A Few Ways To Address The Skills Shortage
Like most big problems, the solution to the skills shortage is multi-layered and requires some leg work. From the study findings, it seems it should comprise three components:
1. Showcasing The Value Of A Cybersecurity Career
This starts in high schools and should continue right through to tertiary education, highlighting the valuable role cybersecurity employees play in the overall health of a company. It should also extend to the industry at large, with the onus on them to provide clear and comprehensive career pathways, with standardised training and development points along the way.
2. Redefining Candidate Requirements And Nurturing Talent
Businesses looking to hire new cybersecurity talent may need to take on a broader view of the skills required to allow people to get their foot in the door.
Another way is to nurture the talent within, honing in on those with the aptitude and a desire for training. After all, it’s just as important to spend money on training the protectors, as it is in the technology to protect.
3. Making Cybersecurity A Priority In All Aspects Of Your Business
One of the hardest parts of a cybersecurity specialist’s job is securing buy-in from other parts of the organisation. In a tech space, this extends from your frontline support staff, all the way through to developers and project managers.
If leadership can take the reins and clearly demonstrate that cybersecurity is a company-wide commitment, this eases the burden on those often overwhelmed security professionals. As an example, a simple starting point could be training employees to recognise phishing emails.
As you can see, there is still quite a bit of work to do to address the cybersecurity skills shortage, but it’s imperative as hackers become ever smarter and ever sneakier. If you’re not sure how your company stacks up cybersecurity wise, this article is a great starting point.
However, if you’re a cybersecurity specialist looking for your next role, or company in need of one, please let the team here at Finite know as we’d love to help.
IT Project / Program Manager at South Australia Police
4 年Good article Sarah. I think the last point is important that cybersecurity needs to be incorporated into strategy then tactical projects as part of solution development from the outset rather than an after thought or secondary deliverable. The cybersecurity professional should be part of or consultant to, the project delivery team.
Reho Travel
4 年Thank you Sarah, Having just completed a Cyber Security course I am finding it difficult to get any feedback on applications, let alone an interview. My interest is GRC and I have experience with this from my previous life in the corporate travel industry. But still can’t get a look in due to lack of cyber experience, I assume. Thank you for a great read
Consultant at Chamonix IT
4 年Jo Maslin