From healthcare and finance to energy and commerce, digital infrastructure supports countless aspects of our lives. Yet, today cybercrime threatens these basic services, and as the number of cyber attacks continues to rise, there is a crucial need for improved human capital to protect against these attacks. The proof is in the data.
According to the (ISC)² Cybersecurity Workforce Study - 2021, effectively defending critical assets requires the global cybersecurity workforce to grow by a staggering 65%, or more than 2.72 million positions. Underscoring the impact of this gap, a new survey by security company Fortinet found that 80% of organizations surveyed attribute at least one breach they have suffered to a lack of cybersecurity skills or awareness. And the majority of them report having experienced such an event in the last year, for which over half lost revenue or incurred fines in excess of $1 million. The business need for senior leadership to address the skills gap is crystal clear and urgent.
But there may be light at the end of the tunnel. (ISC)2 reports that the pathways into cybersecurity are starting to expand. Whereas the traditional source of cyber talent has been the IT workforce, only 38% of Gen Z and Millennials new to the field follow this path. Considerably more of these younger workers enter cyber directly through education or self-learning compared to their older counterparts. Women and people of color are also more likely to follow these growing alternative pathways. To meet the growth rates required, cultivating these fresh pools of talent and new pathways are vital.
How can your organization be best positioned in this highly competitive talent landscape? What are the steps that you should take right now to protect your business against the ever-changing threats from cyberattacks?
1. Secure the support from leadership that probably already exists
As with most business initiatives, in order to succeed, there needs to be support from top-level leadership. Fortunately, for cybersecurity efforts, leaders are already recognizing the importance of growing their cybersecurity awareness and talent. According to Fortinet’s study, 88% of organizations with a board of directors report that their board asks specific questions about cybersecurity. In addition, 76% of boards globally recommend increases in IT and cybersecurity headcount.
But what if cybersecurity awareness and talent aren’t top-level priorities at your organization? With 80% of organizations attributing a recent breach to such thinking, and the majority of incidents costing over $1 million, explain the cost will be far greater if nothing is done. And help leadership understand that cyber isn’t an IT problem anymore, it is a competitiveness and business continuity problem.
2. Invest in cyber skills and awareness that touch the whole organization and are kept up-to-date
While you may not be able to fill your cyber job vacancies overnight and prevent losing talent almost as quickly, you can build competencies across your organization to do their jobs with greater operational security. Your people will thank you for this because everyone fears being the person who clicks on the link that exposes the company to ransomware. By being inclusive and broad-based you can embed sounder practices across the business that are more cyber threat resistant, and build confidence in the potential for everyone to play a part in defending the organization. You may even find that some of these workers newly exposed to the meaningful nature of cybersecurity work will discover the drive to follow the alternate path into the full-time cyber workforce becoming commonplace today. As you pursue this path you’ll want to ensure these skills remain fresh through continuous education because cyber threats are continually changing and adapting.
3. Re-evaluate your cyber job descriptions and recruit for diversity
If you’re struggling to recruit cybersecurity talent, you’re not alone. According to Fortinet’s survey, 60% of organizations struggle to recruit cybersecurity talent, and 52% struggle to retain it. But how do you find the right people to hire and ensure they make an impact?
Recognize it’s a seller's market out there. Organizations can find more success attracting the talent they need with job descriptions focused on applied skills and competencies versus years of experience and degrees. As you do this look past hiring solely for technical skills. More and more organizations are realizing the importance of non-technical skills and hiring for aptitude and attitude with an emphasis on problem-solving skills, eagerness to learn, communication skills, and critical thinking. In fact, problem-solving and curiosity/eagerness to learn were the #1 and #2 skills respectively cited by cybersecurity managers looking for new hires. Finding and upskilling people who may already know your business and who have these proclivities with appropriate but real cyber skills they can master from inside the organization can be more effective and sustainable than trying to manage the revolving door that the mainstream cyber talent market has become.
Organizations should also consider embracing remote work for their cybersecurity professionals. Remote work not only provides highly-desired and flexible working conditions, especially prized by working moms, but also enables organizations to hire from more locations with the potential for better hiring fits where turnover may be lower. Few jobs in cybersecurity really require, or even benefit from, working onsite.
Fill Cyber Skills Gaps with Four|18 Intelligence
418 Intelligence provides your organization with training and access to cybersecurity talent emphasizing hands-on real-world skills, and, when needed, access to crowdsourced answers from rated experts available on-demand. Don’t let the skills gap and old thinking remain a risk to your business any longer.
