Houston, we have a problem.
It’s known as the cybersecurity skills gap. It’s also been called the cybersecurity skills crisis.
Both of these terms are accurate.
And perhaps where we should start the discussion is with the idea that the lack of skilled cybersecurity experts is not new and not a result of the pandemic.
This gap, or crisis if you prefer, is well-documented and has been discussed by many experts in recent years. Harvard Business Review published a pointed article in 2017, Cybersecurity Has a Serious Talent Shortage. Here’s How to Fix It. Deloitte issued a report in 2018, The cybersecurity talent shortage: an emerging challenge for consumer products companies which discusses the increasing number of cybersecurity threats and challenging factors that included “the demand for skilled cyber talent [which] far outweighs the available talent pool.”
The year before the pandemic hit, the 2019 Cybersecurity Workforce Study was published by the nonprofit (ISC)². This report revealed that while 2.8 million people at the time of the study worked in cybersecurity roles, an additional 4 million employees were needed due to a “global surge in hiring demand.”
And today, at a time when skilled employees are very hard to find and many companies are struggling to fill their benches with needed talent, the need for cybersecurity experts only grows. With data that continues to reveal that cybersecurity is a growing problem with no end or resolution in sight, the gap between needed talent and available talent only widens.
Recent data confirm that the cost of data breaches continues to rise per the recent annual report, Cost of a Data Breach Report. This is the seventeenth year for this study, which is conducted by Ponemon Institute and published by IBM Security.
We learn additional important yet not surprising information:
The data above, and statistics we have previously shared, all point to the need for more manpower (and brainpower) to combat the breaches of cybercriminals. But we won’t all have success until we have more cybersecurity workers – to the tune of about four million individuals.
This begs the question, why is there such a pronounced shortage of professionals in the field? There are many reasons and considerations.
But first, let’s start with the positives and what cybersecurity positions offer. There a number of benefits of seeking a career in the field, starting with solid salaries. Cybersecurity also offers many diverse roles, positions, and paths that one can pursue. And importantly, the field is – without a doubt – a recession-proof, pandemic-proof industry. If you have a job in the cybersecurity field and can perform, you will likely always have a job. You are needed and will be needed.
So back to the big question: why is there such a large need for cybersecurity professionals? There are several reasons:
There is uncertainly and misconception about what a path in cybersecurity looks like and entails. As mentioned before, there are plenty of job opportunities and also many exciting career paths that stem from the industry. But, quite simply, not enough people understand this. The field is not top-of-mind for most young people looking for a promising career.
There is an under-tapped opportunity in our educational system to help guide more young people in the direction of cybersecurity. There is not a clear (and certainly not coordinated) effort among public schools and post-secondary educational institutions to help build the foundation for students to have their eye on the cybersecurity field in the education process. And once these students decide early on to go down a different path, in most cases they have passed over the cybersecurity career option.
Interesting but not surprising, many cybersecurity professionals start as IT generalists and then make the switch. And when this transition takes place, these professionals don’t have the complete skill set they need as they switch their professional focus. Many cybersecurity workers lack a true mentor to help guide them. Many are missing a plan to obtain basic cybersecurity certifications and to continue professional development through their career. These factors all contribute to professionals either exiting the field or failing to be attracted to it in the first place.
This brings us all back to our present situation and predicament – there are a growing number of expensive and sophisticated cybersecurity attacks, with a big need to fill the pipeline of qualified cybersecurity professionals.
We recognize the opportunities for educational facilities and businesses to join together to find ways to bring more talent to the field and join in partnership to attract young people into the field early in their careers, perhaps as their first-chosen career path. We also recognize the need to provide a promising career path for those in the field with training and professional development, something we actively practice our own team of cybersecurity experts.
And the statistics we share above on the frequency and cost of cyberattacks are yet another reminder for companies to not let their guard down when it comes to cybersecurity. Whether an organization ramps up internal resources to ensure data and systems are safe and secure while workers remain productive, or looks to an outside partner to shore up these same data and systems, the most important thing to do is take action.
Do something. Your company does not want to become another cybersecurity statistic. Make sure it doesn’t happen to you and your team.