Exponential increases in cybersecurity attacks are nothing new. In fact, if you cast your mind back to 2017-2019, attacks like mobile malware increased by over 50%, over 40% of commercially available IoT devices had some form of security breach, and cyber-attacks involving applications like cryptocurrency coin mining quadrupled. Cybersecurity spending in countries like the US also increased more than $14 billion in 2019. With this in mind, as we approach the end of 2020, the worry of going into some form of lockdown as a result of increased spikes in Covid-19 adds further fuel to increased cyber-attacks. Just in the past two months we have seen attacks on organizations like NATO with phishing, and on the U.N. shipping agency, the International Maritime Organization (IMO), with a sophisticated cyber-attack that disabled its website and intranet.
Cybersecurity skill shortages are a widespread problem
As global organizations struggle with the ever-increasing battle with cyber attackers, cybersecurity vendors and providers of services are seen as the savior to help businesses and governments by implementing effective cybersecurity defenses in their networks and IT environments. The result is significant spending on cybersecurity, with some industry experts predicting the market to grow more than $150 billion by 2022.
However, as businesses and cybersecurity vendors play the cat-and-mouse game with hackers, there is that much more pressure on both enterprises and vendors to have the right level of resourcing and skills across their security, operational, marketing and development functions. Industry estimates suggest that there are around 3 million skilled cybersecurity professionals worldwide and that a further 60% plus are required to address the global needs of businesses and governments. From a geographical viewpoint, the majority of resourcing gaps seem to be in Asia, followed by the US and then Europe.
Initiatives to drive recruitment
There have been a number of independent studies conducted to try to establish the drivers of skill shortages in the cybersecurity sector, with all giving different points of view. However, GlobalData’s discussions with CISOs and vendor HR functions highlight some of the following:
- A lack of a defined framework for training and accreditation
- Technology fragmentation, making it difficult to recruit people across multiple high-end specialist areas like AI/ML, regulation and compliance, and cloud security
- Diversity and imbalance in the male/female ratio.
No easy short-term fixes
With the large skills gap in place, there are no easy short-term fixes for the recruitment dilemma facing the cybersecurity sector. To successfully bring the sector in line over the next 2-4 years with other sectors higher up in the ranking, like digital and enterprise application development, what will be required is a concentrated effort across a number of entities including government, industry and education. However, in the short term businesses and cybersecurity vendors can implement a number of initiatives to drive the recruitment and retention rate – GlobalData’s discussions with industry highlight some of the following strategic considerations:
- CISOs need to invest more in recruitment and in building their SOCs
- For global businesses, drive recruitment, skills development and retention through internal academies
- Define clear career roadmaps and a culture of reward and belonging
- Implement a broader recruitment campaign, through apprenticeships, graduate recruitment campaigns (technical and non-technical), programme initiatives to recruit more females, and flexibility in accommodating professionals in the early stages of their career or from different career backgrounds.