Cyber security is an important aspect of operations for any organization. Many businesses, especially small businesses, are at risk for data theft or security breaches today. Cybercrime has already become a $445 billion business and there are no signs of slowing down.
As cyber-threats become more complex, IT departments are faced with the challenge to find employees with the right skill sets to identify the risks and implement sophisticated protective technologies to address them. The cybersecurity skills shortage is estimated to generate 1.5 million unfilled positions by 2020.
The lack of cyber security professionals adds to the vulnerability of organizations all over the world. The talent shortage poses a serious risk for businesses and leaves them susceptible to cyber-attack amounting to direct and measurable damage to organizations.
The Real Risk
As we know, cybersecurity skills shortage is a global problem. The majority of IT professionals agrees to the skills gap as a major crisis in their organization. A recent report published by Intel Security in collaboration with the Center for Strategic and International Studies (CSIS) has revealed that cybersecurity skills shortage is worse than talent deficits in any other IT profession.
More than 70 percent of the respondents blamed this shortage for having a negative impact on organizations as lack of talent makes them desirable hacking targets.
According to the report, 209,000 cyber-security jobs remained unfilled in the U.S. alone in 2015. Although several organizations are increasingly losing proprietary data as a result of the cybersecurity workforce shortage, this gap is not anticipated to be bridged in the near future.
The ISACA, a nonprofit, independent association for advocating information security, forecasts that the IT industry will be hit by a global shortage of 2million cyber security professionals by 2019. On the other hand, the Center for Cyber Safety and Education predicts a shortfall of 1.5 million cybersecurity professionals globally by 2020.
Every year, 40,000 jobs for the role of information security analysts go unfilled in the U.S. According to CyberSeek, a cyber security data tool, the scenario is no different for other cyber-security related roles as employers find it hard to fill 200,000 such positions every year.
The demand for cyber-security professionals is surpassing the supply of qualified workers with every passing day. However, closing the gap is increasingly becoming a daunting task and more and more enterprises are losing revenue to the data breaches.
So, What Can Be Done to Address The Gap?
With the increase in mobile, cloud computing and the Internet of Things, in addition to advanced targeted cyber-attacks and cyber terrorism, the need for a strong, technically skilled, cybersecurity workforce is crucial. Closing that gap is not a cakewalk, and it necessitates organizations to find and nurture different types of talent in new ways.
The cybersecurity skills shortage has several dimensions. To address the gap or to work around the gap, organizations need a comprehensive cybersecurity plan that includes governance, policies, and operation excellence for software, information, and infrastructure security.
Several private and public sector organizations have already begun to develop some creative solutions. They are looking at new education models, security certifications, boot camps, and increasing the number of colleges and universities with cybersecurity programs. Many companies are also helping universities to develop curricula and providing training to early professionals.
So, here are a few tips to work towards bridging the cybersecurity skills gap:
- Improving Hiring Strategies
In order to recruit highly skilled talent, businesses need to modify their hiring strategies. This begins with setting high standards for cybersecurity jobs apart from posting a strong and effective job description. Compensation is also a key factor. Companies should improve their compensation patterns to secure and retain the top talent in the field.
- Additional Training and Certification Opportunities
Ample opportunities for training and certification can help businesses to garner a skilled talent pool. According to the Intel Security report, non-traditional methods that involve practical learning, using methods like hands-on training, hackathons, gaming, and technology exercises may prove to be a more effective way to acquire and nurture cybersecurity skills. Certifications are also helpful to ensure candidates are qualified for the particular job. Some certifications like the CISSP and CISM are highly respected among the IT community.
- Diversifying the Cybersecurity Workforce
Cybersecurity workforce can be expanded by creating a larger and more diverse talent pool. A broader base of skilled professionals can help in workforce enhancement efforts while catering to the skills gap. Employers should have a flexible attitude towards hiring people. This includes hiring talent from international backgrounds and also hiring candidates who have a history of hacking.
- Investing in The Right Technology
Organizations should invest in the right technology to collect accurate data about cyberattacks and develop better metrics to identify cybersecurity threats. Lack of data hinders the company’s ability to develop targeted cyber security strategies.
With the growing incidents of cyber crimes, it is not difficult to see why cybersecurity jobs are in demand. A recent study conducted by Cisco has revealed that 29% of organizations that faced data breaches lost revenue. Therefore, the cybersecurity talent shortage remains a serious global issue.
Although several countries have seen an overall reduction in the information security skills gap, the mismatch has grown more severe in many others. From a professional’s perspective, the imbalance between supply and demand indicates strong job prospects and high salaries. According to Bill Bonifacic, who leads the cybersecurity practice at recruiting firm blueStone Recruiting, compensation for the most senior roles in cyber security, like chief information security officer, can go up to $400,000 per year.
Cybersecurity is a demanding occupation and most employers ask for advanced certifications. A secure cyber environment demands a strong workforce and hence it mandates informed strategies and proper training before filling the gap.
As cyber threats are maturing with every passing day, the time is ripe for companies as well as countries to act on the problem and facilitate the entry of more people into this profession through improvements in education, training opportunities, workforce diversity, security technology, and data collection. The concurrent efforts are needed to fight cybersecurity threats and creating a more secure cyberspace.