Spotlight on leadership and cybersecurity in changing times
Metin Mitchell, Managing Partner, and guest contributors
The growing shortage of cybersecurity talent – how bad is it?
This year I am delighted that we have launched our cybersecurity practice to help our clients address one of their most critical issues, that of assessing and sourcing cybersecurity talent.
Much has been written about the growing shortage of cybersecurity skills and here I share just what the scale of this shortage is and its impact on business.
The most recent report is from CapGemini. Last month, their report, Cybersecurity Talent: The Big Gap in Cyber Protection, showed that corporate demand for cybersecurity skills is rising faster than internal supply.
They surveyed more than 1,200 senior executives and front-line employees and also included social media sentiment of more than 8,000 cybersecurity employees. 68% of organizations reported high demand for cybersecurity skills – compared to 61% demanding innovation skills and 64% needing analytics skills.
They then measured this against the availability of existing, proficient skills in the organization – and identified a 25% gap for cybersecurity skills. Their report said there was already 43% availability of proficient skills.
They predict that demand for cybersecurity talent will grow over the next 2-3 years; 72% of respondents predicted high demand for cybersecurity in 2020, compared to 68% today.
The industry magazine, Information Management, reported on two studies at the end of last year which they said gave “an alarming view of the state of data security” with organizations complaining of woeful lack of cybersecurity professionals.
The CyberSeek report from CompTIA, which tracks supply and demand in the cybersecurity space, says cybersecurity jobs must double in order to meet current demand. While the 2017 RedSeal Resilience Report says a majority of organizations lack the tools and resources they need to protect their data assets.
According to the RedSeal report, the data threat landscape is evolving much faster than security teams can respond. Nearly 80% of respondents said “they could not access insights that help to prioritize their response to a data security incident”, while 55% said they could not react quickly enough in the event of a major security incident.
Only 20% of organizations said they are extremely confident that they could run as usual after discovering a cyberattack or data breach.
It is concerning that most organizations (55%) say they don’t test their data security strategies enough because they are too resource intensive, take too much time or outside budget. It could be argued that this is because there is not enough budget commitment to this area – but the report suggests it is more down to lack of skilled people.
According to Cisco, in its 2017 Annual Cybersecurity Report, the main barriers to adopting advanced security products and solutions are budget (35% of respondents), product compatibility (28%), certification (25%) and talent (25%).
So what should organizations be doing? My colleague, Raef Meeuwisse looked at this in his blog Is there really a cybersecurity skills shortage?
The CapGemini report offers the following to address the problem
- Integrate security across the organization
- Maximise existing skillsets – many employees are already investing to update their own skills, are they being used?
- Think outside the box in recruitment, “for example, people on the autism spectrum are fantastic at pattern spotting and are often blessed with numerical and problem-solving skills, attention to detail and a methodical approach to work – all useful traits for cybersecurity best practice”
I would agree about thinking outside the box in recruitment and that is what we are focusing on in our practice.
However, what is interesting is that these reports cover the shortage in current cybersecurity skills, as we know them.
But I increasingly believe we need a new model of cybersecurity skills at leadership level – people who have strong technical skills but can also influence behaviours. Cybersecurity is not just about technology – it is about getting employees across the board to implement best behaviour. Not pin their password on their computer screen, use their dog’s name for their password or fail to update as requested by IT.
The new breed of professionals need to be great communicators and persuaders as well as having strong tech skills.
Could this open up new areas to find the cybersecurity skills we need – or will it make the skills shortage even worse?
Published in Cyber securityTagged under insights jobs professionals back to top