In the age of business-crippling cyberattacks, we need cybersecurity professionals more than ever before, but they’re proving harder to find and keep. A recent study by ISC2 – a global non-profit for cybersecurity professionals – found four million unfilled cybersecurity jobs throughout the world.
And it has a significant effect on business. A global study of cybersecurity professionals, conducted by the Information Systems Security Association (ISSA) and the Enterprise Strategy Group (ESG), found that 70 percent noted that skills shortages are impacting their organization negatively.
It’s crystal clear: the world needs more cybersecurity professionals. And the global security workforce is predicted to need an increase of 145 percent to deal with the hiring demand. So with a strong demand for InfoSec professionals, why is there such a shortage?
Firms aren’t doing enough to equip and power their IT staff
According to ICS2’s report, they surveyed 3,300 IT professionals who are overwhelming concluded that education was severely lacking in many organizations. But, aside from under-investment in education and training, the reasons behind the shortage going on. They include the gender gap, technologies evolving beyond traditional skillsets and the cybersecurity industry’s inability to market itself as a diverse place to work. The skills gap is increasing at a rapid rate, bringing significant and ongoing challenges to the industry.
Data breaches are on the rise
It’s a known fact to those in the industry, but a global study from ESG and ISSA confirmed it: without cybersecurity professionals in post, businesses suffer from more data breaches. Respondents cited lack of adequate training of non-technical employees (31 percent of respondents) and a lack of cybersecurity specialists (22 percent of respondents) as the top factors that caused security incidents.
But there’s more. 66 percent claim skills shortages result in increased workloads for existing staff, which is putting them under severe pressure. Perhaps most shockingly, nearly half (47 percent) said the cybersecurity skills shortage means they can’t thoroughly learn and utilize all of their security technologies to its full potential. Firms are investing in security tools without knowing how to use them.
Many organizations are struggling to protect themselves, their employees, and their future. So how do we solve this problem? And how can your business avoid the abyss?
Tips to stay ahead of the cybersecurity skills shortage
Invest, invest, invest…
Then invest some more in your IT professionals. For them to be the best they can be, and as they continuously evolve to keep up with an ever-changing threat landscape, resources are imperative. ISC report that 24 percent of IT professionals said inadequate budgets for security initiatives would put them off taking a job, with 36 percent saying that a lack of skilled personnel already in the organization would also do the same.
It’s hard to justify your IT spend at the best of times. But with the average cost of a data breach in 2019 landing anywhere between $108,000 for small- to medium-sized businesses (SMBs) and $1.41m for enterprise-level organizations, arming your IT professionals is a necessary investment to prevent more severe costs of data breaches.
Diversify your search
The more diverse your team, the more likely they are to develop innovative ways to protect your business. But surely a team with similar skills would work together the best? Not true.
Your business needs to embrace the talent, creativity and curiosity those with a traditional computing-related degree may lack.
Homogenous teams may not innovate at the rate as a diverse one from different backgrounds. Building that team starts with hiring more women. According to a recent Kaspersky study, women account for just 10 percent of the global cybersecurity workforce. For employers to get ahead of the skills gap, it’s imperative to tap into the stream of female IT professionals. And there are many ways to do that, for example, networks like the UK’s Women in Technology is dedicated to developing talent. One other includes Kaspersky’s CyberStarts, a European campaign that aims to tackle both the skills gap and the gender disparity in the industry.
Your business needs to embrace the talent, creativity and curiosity those with a traditional computing-related degree may lack. The world of cyberattacks is evolving rapidly, which means your hiring processes need to change alongside it.
Grow your team from the inside out
Struggling to find the right person for the job? Find them within your organization. Cybersecurity education is no longer confined to computer science programs and graduates, and you could benefit from upskilling your existing staff. According to ISC’s research, 70 percent of organizations give priority to training and promoting from within.
But how do you educate employees from scratch? Well, there are a variety of new education tools cropping up outside of traditional classroom environments, like Google Gruyere and Immersive Labs. There will be some start-up costs, but with IT security budgets for enterprises increasing by an estimated $2m on average, it’s a worthwhile investment.
The global cybersecurity workforce gap is daunting, which makes the ever-evolving threat landscape more of an issue for businesses. Kirill Shiryaev comments:
If you’re looking to protect your business against cyberattacks, start increasing your efforts on hiring and keeping the right talent.
Head of HR Marketing, Kaspersky