STRATEGIC CYBERSECURITY TALENT FRAMEWORK
The World Economic Forum's Strategic Cybersecurity Talent Framework white paper tells us that attracting, training, and retaining cybersecurity professionals is a must to ensure the safety of organisations and society as a whole online. The global cybersecurity workforce experienced significant growth of 12.6% from 2022 to 2023. Despite this progress, a significant talent gap remains, with a need for four million cybersecurity workers worldwide.
A GLOBAL CONCERN
The cyber workforce shortage is a global concern that affects both nations and industry sectors. Estimates indicate that by 2030, there could be a worldwide talent shortage of over 85 million workers. The World Economic Forum (WEF) projects that this enormous talent gap could result in an estimated £6.8 trillion in unrealised annual revenue in just six years. If this amount were equated to the GDP of a country, it would rank as the third highest in the world, following economic superpowers the United States and China.
CYBER SHORTAGES ARE WORLDWIDE
The WEF says the cyber talent shortage is prevalent in the Asia-Pacific and North American regions yet remains a global challenge. India, which produces nearly one-third of the world’s graduates in science, technology, engineering, and mathematics (STEM), faced a talent shortfall in May 2023, with 30% of its 40,000 cybersecurity job vacancies unfilled. In Africa, there are only about 20,000 certified security professionals for a population of 1.4 billion people. This issue is not confined to developing nations. In the UK, 43% of small and medium-sized enterprises (SMEs) have been unable to hire cybersecurity support. In the US, despite being ranked as the world’s most digitally competitive nation, there are still over half a million vacancies up for grabs for cybersecurity professionals. Raj Muttukrishnan, Professor of Cybersecurity at City, University of London and a Director at Cyber London, said:
“Unfortunately, there is a lack of global standards to unify the skills needed. We must also keep in mind that since Covid, there is more digital transformation that is happening in traditional sectors like manufacturing and shipping which is creating a need for new cyber skill sets”
URGENT ACTION NEEDED
It seems that the global cyber industry is grappling with this skills shortage and urgently needs to implement effective strategies to attract and retain skilled professionals. According to the WEF, two-thirds of organisations face increased risks due to the lack of cybersecurity expertise, yet only 15% of firms anticipate a significant improvement in cyber skills by 2026. The Forum highlights that the ongoing high demand for talent in the cybersecurity sector leaves "little optimism that the supply will catch up."
WHY IS THERE A SKILLS SHORTAGE?
In 2023, the National Cyber Security Centre (NCSC) reported a 64% increase in cybersecurity incidents in the UK that were serious enough for investigation. However, the growth in the cyber workforce was hindered by an all-familiar skills gap. So what skills is the industry lacking and as budgets continue to be squeezed, how can it do more with less? For SMEs, there's an obvious shortage of versatile candidates who can handle a variety of tasks, monikered the "jack of all trades." This shortage is exacerbated as cyberattacks become more niche and sophisticated. Across the broader cybersecurity industry, there's still a lingering deficit in talent and skills across various roles, whether this be in analysis, engineering, or consultancy. This shortage isn't due to a lack of interest from candidates. Instead, it's a result of a supply-demand imbalance. While there are many candidates eager to enter the industry, entry-level opportunities are scarce. And looking at mid-level appointments, there's a surplus of positions but not enough qualified individuals to fill them. A real rock and a hard place story. Raj added:
“There is high ‘burnout’ in the cyber security industry which is not attracting sufficient smart people to the sector.”
He also explained what academic institutions need to do to address this shortfall in cyber skills and said:
“Most of the academic curriculum is more theoretical and does not give the real hands-on experience that is needed to resolve a cyber incident. No skills standards framework works in practice. There is a need to create a map in terms of areas of skills shortage and how to map that to the training curriculum. We also need to create micro modules and certify individuals in specific cyber topics to address the skills gap.”
FIRST LINE OF DEFENCE
A skilled and experienced cyber workforce is the frontline defence against the rapid surge of online attacks. The rapid advancement of cyber attackers' capabilities is inadvertently complemented by a widening array of emerging technologies, including AI, big data, and predictive analytics that hackers utilise to enhance their mischief. On AI, Raj said:
“With the increasing usage of AI, there is much more complexity that is posed in the way of security assessments and there is a need to develop new ways of understanding the AI-generated threats such as deepfakes.”
While the UK cyberattack landscape in 2023 looked bleak, worldwide it is worse. Last year there was a staggering 72% increase in global data breaches. Natasa Perucica, Capacity Building lead at the WEF Centre for Cybersecurity, says the healthcare sector is most vulnerable and believes that attacks "can lead to consequences with implications for the lives of patients." Consequently, the WEF stresses the "critical need for decision-makers to prioritise cybersecurity talent management as a strategic imperative." Collective initiatives like the WEF Bridging the Cyber Skills Gap can foster positive momentum in addressing these challenges.
FOUR PRIORITY AREAS
To holistically address these serious cyber skill shortages and build sustainable talent pipelines, we need to pinpoint and tackle the underlying reasons contributing to the broader cybersecurity workforce gap. The WEF’s Bridging the Cyber Skills Gap initiative unites over 50 global public and private organisations committed to this goal. In conjunction with existing World Economic Forum efforts on skills, such as the Reskilling Revolution and Skills-First, the initiative focuses on four key priority areas integral to the Cybersecurity Talent Framework (CTF):
Attracting talent to cybersecurity
Educating and training cybersecurity professionals
Recruiting suitable cybersecurity talent
Retaining cybersecurity professionals
We must recognise that these four priority areas are interconnected components of a comprehensive cybersecurity talent management approach and not view them in isolation. To effectively address the cyber skills shortage, we need a global approach that encompasses recruitment, education and training, and most of all, retaining the high flyers. Raj pointed out a current challenge in terms of cyber education and training and said:
“There is not enough time to learn and grow as the threat landscape is changing so fast.”
THE CYBER CHALLENGE
In our hyperconnected world, people have more career options than ever before, presenting a recruitment challenge for the cyber industry. The WEF emphasises the need for the industry to showcase value-based and diverse career paths to attract potential employees. The stakes are significant, as past cyberattacks have exposed billions of individuals' data records and incurred billions of pounds in costs – this we all know. While technical skills often take centre stage in cybersecurity careers, softer skills are equally valued. According to Perucica, proficiency in communication, teamwork, and problem-solving is essential for navigating the complexities of the security landscape. Meeting the demand for millions of cybersecurity professionals by 2030 poses a considerable challenge. As such, recruited talent must demonstrate their intentions to build long-term careers in the cyber industry.
Kommentare