- Industry estimates indicate there are around 3 million cybersecurity professionals worldwide and over 60% more are required to address the global needs of businesses and governments.
- There are no easy short-term fixes in solving the recruitment problem in the cybersecurity sector. A concentrated effort across a number of entities, including government, industry, and education, will be required.
Exponential Rise in Cyber-Attacks as the Globe Reaches 2020 Year-End
Exponential increases in cybersecurity attacks are nothing new. In fact, if you cast your eyes back to 2017-2019, attacks such as mobile malware increased by over 50%, over 40% of commercially available IoT devices had some form of security breach, and cyber-attacks involving applications like cryptocurrency coin mining quadrupled. Cybersecurity spending in countries like the U.S. also increased over $14 billion in 2019. With this in mind, as we approach 2020 year-end, the worry of going into some form of lockdown as a result of spikes in COVID-19 adds further fuel to the rise in cyber-attacks. Just in the past two months, we have seen attacks on organizations like NATO (i.e., phishing) and the International Maritime Organization (IMO), the U.N.’s shipping agency (i.e., a sophisticated cyber-attack that disabled its website and intranet).
Growth of the Cybersecurity Industry
As global organizations struggle in the ever-increasing battle with cyber-attackers, cybersecurity vendors and service providers are seen as the savior that helps businesses and governments by implementing effective cybersecurity defenses in their networks and IT environments. This is resulting in significant spending on cybersecurity, with some industry experts predicting the market to grow over $150 billion by 2022. However, as businesses and cybersecurity vendors play the cat-and-mouse game with hackers, there is significant pressure on both enterprises and vendors to have the right level of resourcing and skills across their security, operations, marketing, and development functions. Industry estimates suggest that there are around 3 million skilled cybersecurity professionals worldwide, and over 60% more are required to address the global needs of businesses and governments. From a geographical viewpoint, the majority of resourcing gaps seem to be in Asia, followed by the U.S. and then Europe.
What Are the Factors Driving Skill Shortages in Cybersecurity?
There have been a number of independent studies conducted to try to establish the drivers of skill shortages in the cybersecurity sector, with all giving different points of view. However, GlobalData’s discussions with CISOs and vendor HR groups seem to highlight the following contributing factors:
- Qualifications and Training – The cybersecurity segment is still regarded as a ‘high-end’ specialist area, which is highly fragmented in terms of discipline areas requiring various accreditations and specialist skills. As a result, the quality of training offered in the market is often mixed, resulting in individuals entering the field with an unclear career path to follow.
- Technology Fragmentation – The changing, complex landscape in cybersecurity as well as technology covering areas like cloud, networks, data privacy, analytics, AI, regulation and compliance, research, and implementation makes it difficult to recruit high-caliber individuals to fill these roles successfully.
- Diversity – The cybersecurity segment is not as diverse in terms of male/female ratio as some other emerging areas like digital, thus limiting access to a large, skilled resource pool.
Strategies to Consider
With the large skills gap in place, there are no easy short-term fixes in solving the recruitment dilemma facing the cybersecurity sector. To try to bring the sector in line over the next two to four years with other sectors higher up in the ranking (e.g., digital and enterprise application development), what will be required is a concentrated effort across a number of entities including government, industry, and education. However, in the short term, businesses, global enterprises, and cybersecurity vendors can implement a number of initiatives to drive the recruitment and retention rate. GlobalData’s discussions with the industry highlight the following strategic considerations:
- CISOs Need to Invest More in Building Their SOCs – CISOs need to invest more by driving recruitment campaigns and introducing effective training and accreditation programs that are aligned with skills demand.
- Drive Skills Development Through Internal Academies – A number of global providers like Orange Cyberdefense and Telefónica’s ‘ElevenPaths’ have developed internal academies with an aim to recruit candidates and put them through an effective cybersecurity skill training program that is aligned to the needs of the business.
- Define Clear Career Roadmaps and a Culture of Reward and Belonging – The cybersecurity landscape is continuously changing with the advancement in technology. For example, demand for skills cuts across software development, data privacy, network security, security analysts, regulatory and compliance, AI/ML, and cloud security. Consequently, retaining good talent across multiple areas will require companies to implement clear career roadmaps, with differing rewards schemes in terms of training, accreditation, work, and responsibility.
- Broader Recruitment – The cybersecurity industry in the long run will benefit from broadening recruitment needs and tapping into individuals through apprenticeships, graduate recruitment campaigns (technical and non-technical backgrounds), focusing on individuals early in their career, and lowering the barriers to seasoned professionals looking to make a change in career. This will require close interaction between government, education, and the cybersecurity industry.