- Cybersecurity can't be left to technology - it needs human input, too.
- C-suite leadership on this issue can have multiple benefits.
- Training doesn't need to be expensive; free resources are available.
- As well as saving money, cybersecurity engenders customers' trust and can aid staff retention.
According to a recent survey of IT decision makers by the Centre for Strategic and International Studies, 82% of employers say they have a shortage of cybersecurity skills—and 71% say this causes direct and measurable damage to their organizations.
Advanced cybersecurity technology is one way companies are mitigating the effects of this skills shortage; still, it takes human strategy and a collaborative effort to effect pervasive and continuous protection from cyberthreats. At stake are not only individual companies, but also their customers, their supply chains and the public at large.
Have you read?
Rather than bemoaning the talent deficit, the C-suite can and should do something about it. It may be an uphill effort - but allies and opportunities to get started are abundant. Here are some ideas:
Cybersecurity shifts from encumbrance to enabler
Once viewed as a constraint on business agility and performance, cybersecurity is now seen as the table stakes for survival. For obvious reasons, corporate leaders are eager to avoid the devastating impacts of data breaches, distributed denial-of-service (DDoS) attacks and ransomware. But beyond that, they are also seeing cybersecurity as a competitive differentiator, due to the public’s growing awareness of digital privacy and the value of protecting personal data and intellectual property.
As with any business opportunity, the advantage goes to the aggressive adopters. The most digitally trustworthy companies are those that invest heavily in cybersecurity technology, processes and people. Gartner predicts that worldwide spending on information security products and services will have reached $124 billion in 2019, an increase of 8.7% on 2018.
Talent acquisition, however, remains elusive, because no matter how deep a company’s pockets, there are simply not enough cybersecurity skills to go around. And the demand for these skills is growing more urgent, with the increasing ease of launching cyberattacks and the variety of adversaries—cybercriminals, cyber terrorists, and nation states—that companies must repel.
Overcoming the cybersecurity talent shortage
There are ways companies can make up for the shortfall in IT security talent. First, they can grow their own. Admittedly, chief information security officers (CISO) and other IT executives face significant hurdles in securing the necessary budget for any cybersecurity initiative, and it may be much harder to estimate a return on investment for cybersecurity training than for security technology. Still, companies can make some progress with minimal outlays.
Second, companies can recognize that cybersecurity—like most business activities—is a team effort. It takes the cooperation of everyone in the company to minimize infiltration, data loss and the spread of malware. To have an appreciable impact, employees' cyber education must be multi-faceted and ongoing.
Fortunately, companies do not need to develop or maintain their entire cyber-education programs on their own. They can take advantage of freely available education material such as the Cybersecurity Learning Hub, global certification associations such as CompTIA, and of course vendor-sponsored programmes.
The C-Suite as the nucleus of cybersecurity education and training
It may fall to the CISO or chief information officer (CIO) to champion the cause of cybersecurity training and education programmes. But everyone in the C-suite has a stake in the success of these initiatives.
For the CEO and chief financial officer (CFO), increased cybersecurity proficiency can correlate directly with eliminating or reducing downtime due to an outage, a lower risk of breach-related revenue loss, and fewer penalties for compliance violations. For the chief marketing officer (CMO), having a well-trained in-house cybersecurity force enables the company to securely innovate, solidifies the company’s reputation as a trusted partner, as it demonstrates a commitment to protecting the digital assets of its customers and suppliers. For the chief operating officer (COO), training can help with increased retention of technical talent, which is among the costliest to recruit and which takes 50% longer to hire than other roles.
Considering that the average annual cost of cybercrime for a company is $13 million, most outlays on training and education would pale in comparison. Employee cybersecurity education, meanwhile, fosters greater engagement companywide, as it empowers every individual to make a vital contribution to the security of the entire network.
What is the World Economic Forum doing on cybersecurity?
The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. The centre is an independent and impartial platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors.
Since its launch, the centre has driven impact throughout the cybersecurity ecosystem:
- Training a new generation of cybersecurity experts
Salesforce, Fortinet and the Global Cyber Alliance, in partnership with the Forum, are delivering free and globally accessible training through the Cybersecurity Learning Hub.
- Building a global response to cybersecurity risks
The Forum, in collaboration with the University of Oxford – Oxford Martin School, Palo Alto Networks, Mastercard, KPMG, Europol, European Network and Information Security Agency, and the US National Institute of Standards and Technology, is identifying future global risks from next-generation technology.
- Improving cybersecurity in the aviation industry
Through the Cyber Resilience in the Aviation Industry initiative, the centre has been improving cyber resilience in aviation in collaboration with Deloitte and more than 50 other companies and international organizations.
- Making the global electricity ecosystem more cyber resilient
The centre and the Platform for Shaping the Future of Energy, Materials and Infrastructure have been bringing together leaders from more than 50 businesses, governments, civil society and academia to develop a clear and coherent cybersecurity vision for the electricity industry.
- The Council on the Connected World agreed on IoT security requirements for consumer-facing devices to protect them from cybers threats, calling on the world’s biggest manufacturers and vendors to take action for better IoT security.
- The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace, which aims to ensure global digital peace and security.
Contact us for more information on how to get involved.
Cybersecurity education should not stop at the company’s doorstep, either. In the ongoing effort to stem the tide of cybercrime, it is mutually beneficial for organizations to collaborate on cybersecurity education. As an example, Fortinet and Salesforce, in concert with the World Economic Forum Centre for Cybersecurity, have already taken the first steps to promulgate cybersecurity education throughout communities worldwide in the creation and educational content included as part of the Cybersecurity Learning Hub.
Extending this point even further, as digital life begins in early childhood, so should cybersecurity education. Free, age-appropriate materials from real-world cybersecurity practitioners are a boon to cash-strapped school districts and busy teachers. Businesses, associations and government agencies offer a variety of resources for K–12 cybersecurity programmes. In the higher grades and in college, there is also an early opportunity to groom the next generation of cybersecurity talent, which may help accelerate the closure of the skills gap.
It takes a global effort to defend our economies and societies from accelerating cybersecurity threats - and cybersecurity training and education is an important part of that effort. To the extent that the C-suite is engaged and invested in promoting training and education programmes, organizations can unlock the full potential of cybersecurity as an enabler of business innovation.