As the digital revolution continues to extend into every industry and area of business, companies and organizations need a solid response to the increased risk of cyberattack that it brings. Whether building new cybersecurity departments or enhancing the resources they already have in place, this has created a surge in demand for cybersecurity professionals – a demand that exceeds what’s available in the market, resulting in a global cybersecurity talent shortage.
Since the Corona pandemic hit, cybercriminals have been using the increase in Internet traffic, remote working, and online transactions to their advantage. Today, a cyberattack occurs somewhere in the world every 39 seconds, exposing sensitive personal information, and threatening the proper functioning of government agencies, financial institutions, utility and transportation systems and more. It is predicted that by 2025, the annual cost of cybercrime globally will be $10.5 trillion, up from $6 trillion in 2021. It’s no wonder organizations are rushing to hire cybersecurity professionals.
A widening skills gap
In 2021, the number of cybersecurity positions that could not be filled by available candidates globally was 3.5 million, a 350% increase on the 2013 figure of one million. Looking to the future, the job of ‘information security analyst’ appears at number 6 in the U.S. Bureau of Labor Statistics’ list of top 20 fastest growing occupations between 2020 and 2030, with an employment growth rate of 33.3 percent, compared to the 7.7 percent average growth rate for all occupations.
True, there are more students taking up cybersecurity studies at university and college level, but it’ll take time until they are out in the workforce and have gained the necessary experience. Meanwhile, the demand keeps growing, technology keeps changing, existing cybersecurity teams can’t keep up with the workload and as many as 38% experience burnout.
Why it matters
The cybersecurity skills shortage raises three areas of concern: the first is around the management, administration and support of organizational security and operations; the second relates to the lack of cyber-engineers qualified to design security systems and develop secure software tools; the third involves a lack of awareness of cyber threats and risks amongst general employees, which can be exploited by cyber criminals.
From a business security perspective, an organization without sufficient cybersecurity expertise is in a very precarious position, at risk of cyber breaches, data loss, regulatory fines, disrupted supply chains, missed business opportunities and damage to its reputation. What’s more, the collective inability of organizations to protect themselves can culminate in a considerable threat to a nation’s economic wellbeing as a whole.
Tackling the shortage /or/ Education – the best weapon against cybercrime.
According to a study by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA), the lack of highly-skilled cybersecurity professionals and the lack of proper training of non-technical employees are the most significant success factors for a data breach.
The fact is that cybersecurity does not have to be restricted to the domain of IT professionals. If properly trained with appropriate cybersecurity upskilling and reskilling, employees across an organization can help fill in the gaps, in much less time than it takes to earn a degree. Yes, this means investing time and money in cybersecurity education, training and awareness, and overcoming the cybersecurity training paradox, whereby – for both cybersecurity professionals and non-technical employees – the day-to-day demands of a job get in the way of skills development. But, since everyone is a potential weak point in an organization’s cyber defenses, it is critical to give them the tools they need to identify, prevent and mitigate a cyberattack.
A word of caution
Before you embark on a cybersecurity training program for your staff, do bear in mind two key pieces of advice. First, this is an area of expertise that will be relevant and in demand for decades to come, so you should consider it to be an investment in your business, and fund it appropriately. According to a recent survey, while cybersecurity professionals seek to achieve at least 40 hours of training each year, nearly a quarter (21%) did not meet this number, mainly because they couldn’t afford it by themselves, and their employers wouldn’t pay for it. This must change.
Secondly, don’t rush to book the first training program you come across. Yes, there is a real urgency to the need to reskill and upskill your people, but not every course on offer is worthy of your time or resources. Be discerning and shy away from those that are less-than-adequate. Rather look for a provider that offers a wide range of topics, keeps up with emerging threats and technologies, caters to the skill level and understanding of people throughout your organization, and uses effective teaching methods.
To find out how CyberGymIEC can help you close the cybersecurity skills gap, contact us.