Thinking Ahead: Building a pipeline of cybersecurity talent

By Laurence Galland, Chief People Officer, Exclusive Networks.

While cyber threats continue to increase in number and become more sophisticated, the cybersecurity industry is suffering from a serious shortage of experts. This leaves the data of companies, governments and individuals vulnerable. With an estimated three million positions vacant across the globe, creating a pipeline of cyber talent has never been more important.

So, what is causing this gap? Ultimately, technology has advanced at such a rapid rate over the past few decades that the relevant skill sets, such as cybersecurity, have struggled to keep up. This has been exacerbated by the Covid pandemic – with companies accelerating their digital transformation, there has been more demand than ever for cybersecurity professionals to deliver cybersecurity solutions and protect digital infrastructures. In Europe, demand for cybersecurity skills grew by an average of 22% in the past year alone.

Identifying the root of the shortage

While the ability for supply to match demand was always going to prove difficult in such a fast-growing sector, there are other factors also contributing to the shortage.

Firstly, a lack of alignment between the education system and labour market demands. At present, schools that teach IT courses are not covering the full spectrum of technology skills and therefore not matching the skills required by employers. Integrating technology skills into lessons across all subjects is essential to support the development and competitiveness of the cybersecurity industry.

Next, employers also have a role to play in moving away from impractical expectations and niche job descriptions which can eliminate excellent candidates from the application process that would otherwise be assets to the organisation. For example, prioritising computer science and technology degrees in job requirements fails to account for people with both technical and non-technical skills that can be easily upskilled into this profession.

Impact on businesses and people

When it comes to businesses, governments and institutions, the impact of the cybersecurity skills gap is clear to see. Many organisations simply do not have sufficient security measures in place, leaving them more vulnerable to potentially catastrophic data breaches as well as reputational and financial damage. In 2022, the average cost of a data breach amongst global organisations is USD 4.35 million per attack, up 2.6% from last year. With skills supply so low, salaries for cybersecurity professionals are also rising, increasing outgoings for businesses in an already uncertain economic environment.

Shortages in cyber skills are also slowing down the pace of innovation, as organisations don’t have enough – or any – staff capable of developing and/or implementing new technologies such as Blockchain, Artificial Intelligence and Virtual Reality.

From a human resources perspective, the pressure that many cybersecurity teams are under combined with a lack of staffing has led to burnout and many leaving the profession, in turn worsening the shortages. More than a third of the cybersecurity workforce are exploring new careers.

Taking steps to fill the gap

While this paints a bleak picture, steps are being taken to address the cybersecurity skills shortage. For example, in September the UK government launched a £50 million cyber academy to support the training of world-class cyber experts both nationally and internationally. At Exclusive Networks, this month we launched the Exclusive Academy, a global cybersecurity training programme where participants will benefit from specialised training over a three-year period, as well as practical field experience.

With that in mind, here are four key steps employers can take to address the cyber skills shortage:

1. Focus on retention – Ensure your cybersecurity team feels supported to handle the often intense pressure that comes with the job, both emotionally and practically. Give your team time off when needed and see if there are any tasks that could be automated to free up time.

2. Invest in training/upskilling – Make it a priority to invest in training so employees can continue to learn and have the chance to try different things. Look for opportunities to retrain and upskill people within your organization, as well as underrepresented groups outside your sector. 3. Collaboration – With digital transformation affecting every sector, more than a third of all jobs worldwide are likely to be transformed by technology in the next decade. In order to keep up with the pace of change, businesses, governments and the education sector need to be closely aligned to understand and meet the needs of the future.

To adequately protect ourselves against the current and future threat landscape, we will need to see a 65% increase in the global cybersecurity workforce. To achieve this, businesses must urgently come together with both educational institutions and governments to provide access to the right training and job opportunities so we can nurture the next generation of cybersecurity talent.

By Michelle Grafton, Regional Head of Solution Specialists ESA, Iron Mountain.
By Dr Lucie Kadlecová Senior Associate at CybExer Technologies & Scholar on State Sovereignty in Cyberspace
By Daniel dos Santos, Head of Security Research, Forescout Vedere Labs.
By Christopher Rogers, Technology Evangelist at Zerto a Hewlett Packard Enterprise company.
OpenText has released results of the OpenText Security Solutions 2022 Global Small-Medium Business (SMB) Ransomware Survey. Findings show growing concern about ransomware attacks, the impact of geopolitical tensions and rising inflation rates. Eighty-eight percent of respondents noted they are concerned or extremely concerned about an attack impacting their business.
By Leyton Jefferies, Head of Cyber Security Services, CSI Ltd.
By Christian O’Connell, Chief Data Scientist, at Venari Security.