By: Cybrary Staff
February 18, 2022
Cybersecurity Skills Gap Research Report (Resources)
By: Cybrary Staff
February 18, 2022
What the widening cybersecurity skills gap means to enterprises The cybersecurity skills gap continues to widen, a problem exacerbated by the rise of remote workforces and a constantly evolving threat landscape.
Summary: Hiring and retaining cybersecurity talent is not getting any easier, and it remains a top challenge as enterprises face a constantly evolving threat landscape. As the cybersecurity skills gap widens further, business leaders must focus on cultivating talent on their own, such as through apprenticeships and by providing on-the-job training.
The pandemic has taught us much about the fragility of global supply chains and the balance of supply and demand. The automotive sector has suffered a crippling shortage of computer chips, most of which are produced in Asia. Construction firms had trouble purchasing materials like sealants and paints. Healthcare providers experienced disastrous shortages of personal protective gear, especially during the early stages of the pandemic. The list goes on.
Another area that has seen severe deficits is cybersecurity skills. The pandemic has also exacerbated this shortage, particularly due to the sudden and unprecedented rise of remote work and the unique security risks that come with it. Moreover, the fact that cybercriminals make a point of exploiting organizations when they are at their most vulnerable has been made tragically clear, with the healthcare sector becoming a favorite target in recent years.
In 2020, when Cybrary published their Cybersecurity Skills Gap Research Survey Report, 72% of respondents admitted that they had skills gaps in their organizations. 65% of IT managers claimed that those gaps made them less effective at protecting themselves from cyber threats. A year later, the situation had worsened, with 95% of business leaders claiming that the skills gap was wider than ever. There is little reason to think that 2022 will be any different.
Acquiring the right people for the job
For most organizations, the root of the problem is the inability to get talent through the door in the first place. With hundreds of thousands of cybersecurity job openings in the US alone, the competition is simply enormous. While this is undoubtedly good news for anyone trained and certified in the field, it also places a significant cost burden on businesses. Even entry-level IT security jobs often command six-figure salaries. As such, many organizations rely on insufficiently skilled or trained workers. Often poorly compensated and overworked, these employees face a constant threat of burnout to the point they leave the company.
Although paying enough will certainly help lure the best cybersecurity experts, retaining talent is another matter. No matter how well-paid they are, many cybersecurity experts are on call around the clock and face enormous pressure from an unforgiving cyber threat landscape. Another common issue is the lack of alignment between the needs and expectations of IT and those of business leaders that many organizations suffer. CISOs and their teams, for example, often find themselves working in bubbles, whereby other departments and their employees consider cybersecurity to be purely an IT problem.
Maintaining an effective security team
The reality is that, although specialists will always play a vital role, cybersecurity is everyone’s responsibility. Thus, businesses also need to skill up their entire workforce to maintain effective security teams. Doing so will reduce the burden on the IT department, thus making it easier to retain the security talent they already have while also improving the organization’s overall security posture. Achieving this alignment between business and security is vital for ensuring that line-of-business leaders and security professionals are on the same page.
Maintaining an effective security team relies, first and foremost, on people. Even with the most cutting-edge technological solutions at their disposal, a security team cannot function optimally without the necessary expertise. Fortunately, there are steps that cybersecurity recruiters can take to fill their open roles, such as creating internship programs, supporting existing workers through comprehensive training programs, and gathering referrals from employees.
Of the various solutions for overcoming the widening cybersecurity skills gap, there is no better way than investing in existing teams, if indeed that is an option. By subsidizing education for employees who want to move into cybersecurity or improve existing skills in the space, leaders can take a gradual albeit sustained effort in upskilling their teams. Those starting from scratch can instead reach out to budding talent via apprenticeship programs.
Removing barriers to entry
Attracting and retaining top-tier cybersecurity talent is already difficult at the best of times, so recruiters must remove any unnecessary barriers to entry. Many of the requirements listed on the typical job posting are irrelevant, which can hurt an organization’s ability to attract a sufficiently large pool of candidates.
For example, a job listing might ask for a degree, along with several industry certifications. However, traditional higher education degrees are of limited value in an area as fast-moving as cybersecurity. Instead, companies may consider investing in certification training and preparation for new hires. That way, they can remove a significant barrier to entry and reduce recruitment costs while investing in the long-term success of their teams.
In conclusion, it has never been more critical to invest in training when bolstering and continually enhancing an organization’s security posture. While one cannot expect results overnight, it is essential to remember that the cybersecurity skills gap is likely to remain for a long time – and long-term problems require long-term solutions.
Cybrary for Teams is an all-in-one workforce development platform that helps organizations develop stronger cybersecurity skills, prepare for new certifications, and track team progress.