cybersecurity experts

A lack in cybersecurity experts?

Houston, we have a problem.

It’s known as the cybersecurity skills gap. It’s also been called the cybersecurity skills crisis.

Both of these terms are accurate.

And perhaps where we should start the discussion is with the idea that the lack of skilled cybersecurity experts is not new and not a result of the pandemic.

This gap, or crisis if you prefer, is well-documented and has been discussed by many experts in recent years. Harvard Business Review published a pointed article in 2017, Cybersecurity Has a Serious Talent Shortage. Here’s How to Fix It.  Deloitte issued a report in 2018, The cybersecurity talent shortage: an emerging challenge for consumer products companies which discusses the increasing number of cybersecurity threats and challenging factors that included “the demand for skilled cyber talent [which] far outweighs the available talent pool.”

The year before the pandemic hit, the 2019 Cybersecurity Workforce Study was published by the nonprofit (ISC)². This report revealed that while 2.8 million people at the time of the study worked in cybersecurity roles, an additional 4 million employees were needed due to a “global surge in hiring demand.”

And today, at a time when skilled employees are very hard to find and many companies are struggling to fill their benches with needed talent, the need for cybersecurity experts only grows. With data that continues to reveal that cybersecurity is a growing problem with no end or resolution in sight, the gap between needed talent and available talent only widens.

Recent data confirm that the cost of data breaches continues to rise per the recent annual report, Cost of a Data Breach Report. This is the seventeenth year for this study, which is conducted by Ponemon Institute and published by IBM Security.

We learn additional important yet not surprising information:

  • COVID has had a huge impact on cybersecurity; when companies suddenly shifted to remote work, somewhere in the range of 60% of organizations moved further and deeper into reliance on cloud-based services.
  • When this shift to remote work occurred, many (many) companies did not adjust, adapt, or ramp up their internal security. And there is a cost to companies taking a passive approach to security, to the tune of breaches costing about $1 million more per incent when remote work is involved. (As a reminder, with hybrid work here to stay there are many implications for security.)
  • Health care – an industry that underwent dramatic operational changes when the pandemic hit – had its average breach cost rise $2 million per incident (to a cost of $9.2 million per incident).
  • Data breach costs in financial services cost $5.7 per incident on average; in the pharma industry, breaches average $5 million per incident.
  • Globally, the most expensive breaches take place in the US (averaging $9 million per incident), followed by the Middle East ($6.9 million), and Canada ($5.4 million).
  • On average, data breaches cost $4.2 million per incident. This price tag is up 10% from one year ago and is the highest in the report’s history.

The data above, and statistics we have previously shared, all point to the need for more manpower (and brainpower) to combat the breaches of cybercriminals. But we won’t all have success until we have more cybersecurity workers – to the tune of about four million individuals.

This begs the question, why is there such a pronounced shortage of professionals in the field? There are many reasons and considerations.

But first, let’s start with the positives and what cybersecurity positions offer. There a number of benefits of seeking a career in the field, starting with solid salaries. Cybersecurity also offers many diverse roles, positions, and paths that one can pursue. And importantly, the field is – without a doubt –  a recession-proof, pandemic-proof industry. If you have a job in the cybersecurity field and can perform, you will likely always have a job. You are needed and will be needed.

So back to the big question: why is there such a large need for cybersecurity professionals? There are several reasons:

Overall perception

There is uncertainly and misconception about what a path in cybersecurity looks like and entails. As mentioned before, there are plenty of job opportunities and also many exciting career paths that stem from the industry. But, quite simply, not enough people understand this. The field is not top-of-mind for most young people looking for a promising career.

An unclear educational path

There is an under-tapped opportunity in our educational system to help guide more young people in the direction of cybersecurity. There is not a clear (and certainly not coordinated) effort among public schools and post-secondary educational institutions to help build the foundation for students to have their eye on the cybersecurity field in the education process. And once these students decide early on to go down a different path, in most cases they have passed over the cybersecurity career option.

Lack of training

Interesting but not surprising, many cybersecurity professionals start as IT generalists and then make the switch. And when this transition takes place, these professionals don’t have the complete skill set they need as they switch their professional focus. Many cybersecurity workers lack a true mentor to help guide them. Many are missing a plan to obtain basic cybersecurity certifications and to continue professional development through their career. These factors all contribute to professionals either exiting the field or failing to be attracted to it in the first place.

This brings us all back to our present situation and predicament – there are a growing number of expensive and sophisticated cybersecurity attacks, with a big need to fill the pipeline of qualified cybersecurity professionals. 

We recognize the opportunities for educational facilities and businesses to join together to find ways to bring more talent to the field and join in partnership to attract young people into the field early in their careers, perhaps as their first-chosen career path. We also recognize the need to provide a promising career path for those in the field with training and professional development, something we actively practice our own team of cybersecurity experts.

And the statistics we share above on the frequency and cost of cyberattacks are yet another reminder for companies to not let their guard down when it comes to cybersecurity. Whether an organization ramps up internal resources to ensure data and systems are safe and secure while workers remain productive, or looks to an outside partner to shore up these same data and systems, the most important thing to do is take action.

Do something. Your company does not want to become another cybersecurity statistic. Make sure it doesn’t happen to you and your team.

Leave a Reply

Your email address will not be published. Required fields are marked *