• Cybersecurity can't be left to technology - it needs human input, too.
  • C-suite leadership on this issue can have multiple benefits.
  • Training doesn't need to be expensive; free resources are available.
  • As well as saving money, cybersecurity engenders customers' trust and can aid staff retention.

According to a recent survey of IT decision makers by the Centre for Strategic and International Studies, 82% of employers say they have a shortage of cybersecurity skills—and 71% say this causes direct and measurable damage to their organizations.

Advanced cybersecurity technology is one way companies are mitigating the effects of this skills shortage; still, it takes human strategy and a collaborative effort to effect pervasive and continuous protection from cyberthreats. At stake are not only individual companies, but also their customers, their supply chains and the public at large.

Rather than bemoaning the talent deficit, the C-suite can and should do something about it. It may be an uphill effort - but allies and opportunities to get started are abundant. Here are some ideas:

Cybersecurity shifts from encumbrance to enabler

Once viewed as a constraint on business agility and performance, cybersecurity is now seen as the table stakes for survival. For obvious reasons, corporate leaders are eager to avoid the devastating impacts of data breaches, distributed denial-of-service (DDoS) attacks and ransomware. But beyond that, they are also seeing cybersecurity as a competitive differentiator, due to the public’s growing awareness of digital privacy and the value of protecting personal data and intellectual property.

As with any business opportunity, the advantage goes to the aggressive adopters. The most digitally trustworthy companies are those that invest heavily in cybersecurity technology, processes and people. Gartner predicts that worldwide spending on information security products and services will have reached $124 billion in 2019, an increase of 8.7% on 2018.

Talent acquisition, however, remains elusive, because no matter how deep a company’s pockets, there are simply not enough cybersecurity skills to go around. And the demand for these skills is growing more urgent, with the increasing ease of launching cyberattacks and the variety of adversaries—cybercriminals, cyber terrorists, and nation states—that companies must repel.

Overcoming the cybersecurity talent shortage

There are ways companies can make up for the shortfall in IT security talent. First, they can grow their own. Admittedly, chief information security officers (CISO) and other IT executives face significant hurdles in securing the necessary budget for any cybersecurity initiative, and it may be much harder to estimate a return on investment for cybersecurity training than for security technology. Still, companies can make some progress with minimal outlays.

Overall cybersecurity constraints affect training as well
Overall cybersecurity constraints affect training as well
Image: Forbes / Fortinet

Second, companies can recognize that cybersecurity—like most business activities—is a team effort. It takes the cooperation of everyone in the company to minimize infiltration, data loss and the spread of malware. To have an appreciable impact, employees' cyber education must be multi-faceted and ongoing.

Fortunately, companies do not need to develop or maintain their entire cyber-education programs on their own. They can take advantage of freely available education material such as the Cybersecurity Learning Hub, global certification associations such as CompTIA, and of course vendor-sponsored programmes.

The C-Suite as the nucleus of cybersecurity education and training

It may fall to the CISO or chief information officer (CIO) to champion the cause of cybersecurity training and education programmes. But everyone in the C-suite has a stake in the success of these initiatives.

For the CEO and chief financial officer (CFO), increased cybersecurity proficiency can correlate directly with eliminating or reducing downtime due to an outage, a lower risk of breach-related revenue loss, and fewer penalties for compliance violations. For the chief marketing officer (CMO), having a well-trained in-house cybersecurity force enables the company to securely innovate, solidifies the company’s reputation as a trusted partner, as it demonstrates a commitment to protecting the digital assets of its customers and suppliers. For the chief operating officer (COO), training can help with increased retention of technical talent, which is among the costliest to recruit and which takes 50% longer to hire than other roles.

Considering that the average annual cost of cybercrime for a company is $13 million, most outlays on training and education would pale in comparison. Employee cybersecurity education, meanwhile, fosters greater engagement companywide, as it empowers every individual to make a vital contribution to the security of the entire network.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security - to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future - to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact us.

Cybersecurity education should not stop at the company’s doorstep, either. In the ongoing effort to stem the tide of cybercrime, it is mutually beneficial for organizations to collaborate on cybersecurity education. As an example, Fortinet and Salesforce, in concert with the World Economic Forum Centre for Cybersecurity, have already taken the first steps to promulgate cybersecurity education throughout communities worldwide in the creation and educational content included as part of the Cybersecurity Learning Hub.

Extending this point even further, as digital life begins in early childhood, so should cybersecurity education. Free, age-appropriate materials from real-world cybersecurity practitioners are a boon to cash-strapped school districts and busy teachers. Businesses, associations and government agencies offer a variety of resources for K–12 cybersecurity programmes. In the higher grades and in college, there is also an early opportunity to groom the next generation of cybersecurity talent, which may help accelerate the closure of the skills gap.

It takes a global effort to defend our economies and societies from accelerating cybersecurity threats - and cybersecurity training and education is an important part of that effort. To the extent that the C-suite is engaged and invested in promoting training and education programmes, organizations can unlock the full potential of cybersecurity as an enabler of business innovation.