Where's the talent to meet demand for cybersecurity skills?

Businesses are more aware than ever that they need employees with skills in cyber security - but while the demand is there, too few people are entering this field of work

In a world where the majority of businesses increasingly rely on digital technology on a day-to-day basis, cyber-attacks are becoming ever more common. Consequently, it is more important than ever before that businesses are adequately protected from cyber threats.

Experts claim that cyber-attacks represent 'the greatest threat to every company in the world', with projections suggesting that the cybercrime will cost the world $6trillion annually by 2021.1 But for many, cybersecurity still tends to be somewhat of an afterthought.2

According to research published by the International Information System Security Certification Consortium (ISC2), 65% of organisations represented in their study have a shortage of staff dedicated to cyber security.3 Yet, at the same time, we are witnessing a dramatic increase in opportunities in the cybersecurity industry. For instance, the number of active cyber security firms in the UK increased by 44% from 2017 to the end of 2019.4

Nonetheless, similar to many STEM industries, the field of cybersecurity faces a severe shortage of talent. It is suggested that the global cybersecurity workforce needs to grow by 145% to meet the demand for skilled talent.5 It is no surprise, therefore, that '79% of CEOs fear skills shortages and cyberattacks as some of the biggest threats to their enterprises'.6

Contrary to popular belief, the greatest virtual threats today aren't the headline worthy state-sponsored attacks or 'a hacker culture run amok'. According to John Reed Stark, former chief of the SEC's Office of Internet Enforcement, the most dangerous looming crisis is instead a severe cybersecurity labour shortage.7

What do cyber-attacks look like?

Most cyber-attacks begin with a simple email with more than 90% of successful hacks and data breaches stemming from 'emails crafted to lure their recipients to click a link, open a document or forward information to someone they shouldn't', a simple tactic referred to as 'phishing'.

Organisations can spend a fortune on technology and services and still be vulnerable to 'old fashioned manipulation'.8 Given the commonality of such attacks, a third (34%) of organisations surveyed in 2018 cited careless or unaware employees as their biggest vulnerability to cyber threats.9

And with the current health crisis, this is becoming even more of an issue for businesses in the UK, with firms facing more threats than ever before. Since the onset of the pandemic, 80% of cyber threats have used COVID-19 as leverage, with the most popular and effective attack being credential phishing.10

As cyber threats increase and remote working becomes more commonplace, it is vital that businesses - especially small ones - stay vigilant, as nearly half of all cyber-attacks are committed against them. Furthermore, 28% suggested that their information security function does not currently meet their needs or must be improved when surveyed by EY.11

Where should employers look for talent?

As businesses have become more digitised and aware of the dangers posed by cybercrime, the demand for cybersecurity skills has sky rocketed, with more and more businesses beginning to recruit their own staff instead of depending on consultants. Between 2018 and 2019, job site Indeed recorded a 15% increase in cybersecurity postings, a trend that is expected to continue.12

Nevertheless, regardless of the demand, 'if the talent isn't there, the gap will never close'.13 Experts have suggested that companies tend to have unrealistic demands of experience and technical competence when trying to procure cybersecurity talent, while also exclusively targeting those in computer science and IT. But they are beginning to recognise that this shortage will not go away without thinking outside of the box and being more flexible in their criteria for potential recruits.14

One way that businesses can get around this is by reskilling their existing workforces - IT generalists, for instance, have a solid foundation to contribute to an organization’s cybersecurity practice.15 Businesses should consider making the investment to pay for existing employees to gain certification via fully-certified training courses - the ISC2 provides a list of globally recognised certifications, including summaries of each.

With the cost of cybersecurity certifications being a big hurdle, offering certification for both existing and potential employees can be a big step towards many companies fulfilling their needs for skilled labour in cybersecurity.16

Moreover, with cybersecurity professionals being twice as likely to be male, if companies can overcome common stereotypes in hiring and work to make their job adverts more gender inclusive, this under-tapped demographic can be vital to addressing skills shortages.17 As initiatives like Digital Her continue to encourage more young women to enter the industry, hopefully more women will be motivated to seek out employment in cybersecurity in years to come.18

Notes

1. 2017 Cybercrime Report, Cybersecurity ventures, 2017.
2. Cybersecurity in the Fourth Industrial Revolution: Reducing Risk in Times of Rapid Change, Netscout, 2019.
3. (ISC)2 Cybersecurity Workforce Study, (ISC)2, 2019.
4. Addressing the cybersecurity skills gap, UKTN, 2020.
5. (ISC)2 Cybersecurity Workforce Study, (ISC)2, 2019.
6. Most U.K. Firms Suffer Basic Cybersecurity Skills Shortage: Research, CISOMAG, 2020.
7. 2017 Cybercrime Report, Cybersecurity ventures, 2017.
8. Ibid.
9. EY Global Information Security Survey 2018–19, EY, 2018
10. Addressing the cybersecurity skills gap, UKTN, 2020.
11. EY Global Information Security Survey 2018–19, EY, 2018
12. The State of Cyber: What the Sector's Growth Means, Indeed, 2019.
13. A guide to cyber security certification and training, IT Pro, 2020.
14. What are the biggest career trends in cyber security?, IT Pro, 2019.
15. (ISC)2 Cybersecurity Workforce Study, (ISC)2, 2019.
16. Ibid.
17. Ibid.
18. Addressing the cybersecurity skills gap, UKTN, 2020.

Written by

Micha-Shannon Smith

Assistant information analyst

Prospects