• The digital landscape is vast and vulnerable - and we don't have enough cybersecurity professionals to keep it safe.
  • There is a cyber skills shortfall of around 4 million digital firefighters.
  • Here's how to find and train a new generation of cybersecurity experts - before it's too late.

Earlier this year, as wildfires spread around the world, those who work in the fields of cybersecurity and information protection could not help but see parallels. Much like the land destroyed by these fires, the digital landscape we seek to protect is also vast and vulnerable. It is also prone to human error, where even the smallest misstep can disrupt entire industries. But there was one similarity that stood out the most for the cyber industry: we also don’t have enough firefighters. Unlike firefighting, in which help from near and far can be called upon to join the relief effort, there isn’t a framework by which we can call upon a unified body of skilled professionals when there are cyber breaches of other organizations, industries or regions.

Even before the COVID-19 pandemic, the cybersecurity workforce faced challenges resembling those faced by firefighters in California, Australia, Argentina and Brazil – teams stretched thin by the scale of the crises that faced them. In the cybersecurity field, scale has been a concern that has been increasing for quite some time. But when the pandemic forced an overnight shift to digital environments for the majority of companies, the attack surface grew exponentially.

As workers moved from office to home, organizations were forced to pivot and enable remote work across expansive and hastily created environments. And as that remote work contingent grew, so did the threat landscape, as cybercriminals worldwide took advantage of the fear and uncertainty created by the pandemic. For example, earlier this year, the FortiGuard Labs observed an average of about 600 new COVID-19-related phishing campaigns per day. The result has been not only an expanded digital landscape, but one that is increasingly vulnerable – with a growing population of cybercriminals all too eager to exploit those vulnerabilities.

The alarm has long been sounding regarding the urgent need to address the cyber skills gap, and we are here to issue another call to action, along with recommended tools to develop a skilled cyber workforce. We need more digital firefighters to stop cybercrime and protect our digital interactions. As we turn our attention from simply managing the COVID-19 crisis, to how we can continue to innovate and move forward despite it, we must all come together to address the cyber skills shortfall that makes our digital world less safe.

Even a cursory look at the numbers reveals the depth of the problem. In addition to the 2.8 million cybersecurity professionals we must retain under 'typical' conditions, a conservative estimate places the number of new cybersecurity workers needed by next year at an additional 4 million worldwide.

Meeting this need will require an approach that mobilizes a new generation of cybersecurity workers, while also raising awareness of the part we must all play in cyber safety. Just as COVID-19 has required extensive reserves of new medical workers to join the frontlines, while reinforcing basic hygiene skills to curb the spread of the virus, the cyber skills gap will require an all-hands-on approach to this shared responsibility – joining cyber professionals with every employee to collectively help secure our digital way of life and pave the way for future innovations.

As stark as this cyber skills gap is, there remains cause for optimism.

Cybersecurity is exciting and purposeful work in an industry that offers incredible opportunities for constant learning and job security. This is an excellent time to invest in cybersecurity training or reskilling. Often misunderstood as prohibitively technical, there are many critical roles in cybersecurity that don’t require a technical background to make meaningful impact. Talent could, and does, come from diverse fields such as English literature, political science or fine arts, as well as communications, project management, training and marketing. At its core, cybersecurity teams are looking for people with unbridled curiosity, an innate ability to protect, passion about how technology works and a willingness to learn.

Cybersecurity leaders are now more focused on attracting and retaining a diverse workforce and are actively seeking workers with non-technical backgrounds. As an industry, there is a renewed focus on understanding and communicating the relevance of transferable skillsets needed to create a successful cybersecurity workforce. Leaders are aware that there are great benefits in building teams that include diverse backgrounds, thought styles, genders, ethnicities, education and experience.

Increasingly, more organizations are leveraging the potential of cybersecurity to lift people from potential unemployment or interest in a new field with training that is efficient, accessible and scalable to all parts of the globe. While we are facing a global cybersecurity talent shortage, the unemployment rate among veterans in the US alone tripled to nearly 12%. That’s more than 1 million highly qualified workers who have honed such transferable skills as situational awareness, attention to detail and the ability to work under stress; everything it takes except the training, in other words, to work in competitively paying cybersecurity roles that provide additional opportunities.

Fortunately, that training is available now for free or at a very low cost for those who want to gain cybersecurity knowledge and skills. There is an abundance of online learning courses that provide training, from cyber basics to unique specializations. The World Economic Forum, Global Cyber Alliance, Salesforce and Fortinet have created the Cybersecurity Learning Hub to democratize access to cybersecurity knowledge and bring more awareness of the need for new talent, while providing resources to enable individuals to explore a career in cybersecurity.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Our community has three key priorities:

Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

We have the training, and we have a potential workforce for whom cybersecurity could unlock long-term opportunity and security. What we’re running short of is time.

The cyber skills shortage is real, and urgent – and will become increasingly critical if we do not come together to raise awareness of this need and opportunity. Like the wildfires that have ravaged areas around the world, we are patrolling the vast plains of digital risk that could ignite with the slightest spark. Without a new generation of security professionals, the digital wildfires of data breaches, cyber-attacks and malicious activity will only become more frequent, devastating and costly.