How reskilling and upskilling talent can help shrink the cybersecurity skills gap

Despite economic uncertainties and other related challenges, enterprises worldwide continue to embrace digital transformation initiatives at an unprecedented rate. According to a recent report, digital transformation spending is expected to hit $3.4 trillion in 2026.

At the same time, talent shortages – particularly in the cybersecurity industry – are growing more acute. Nearly 70% of security leaders say they face additional risks because of cybersecurity skills shortages, and more than half struggle to recruit and retain new talent.

Short-staffed security teams and those lacking senior-level professionals make it difficult for organizations – regardless of industry or sector – to safeguard their assets from threats, resulting in tangible consequences. Over 80% of organizations worldwide fell victim to a cyberattack in the last year. Nearly half (48%) suffered at least one breach in the past 12 months, indicating that it cost more than $1 million to remediate.

Meanwhile, the cyber threat landscape is growing more complex as attack volume increases and bad actors find more sophisticated ways to infiltrate networks. And cybercrime activity shows no signs of slowing, with 65% of organizations expecting the number of cyberattacks to increase over the next 12 months.

Many professionals also anticipate larger-scale, more destructive cyber incidents in the not-too-distant future. According to the World Economic Forum 2023 Cybersecurity Outlook report, 86% of business leaders and 93% of security leaders believe that global geopolitical instability will likely lead to a catastrophic cyber event in the next two years.

While organizations worldwide certainly face substantial challenges when it comes to safeguarding their digital assets, there are many strategies we can collectively pursue that will help to close the cybersecurity skills gap and augment individuals with the talent they need, and every organization needs. But recruiting and retaining qualified professionals will inevitably require creative strategies, and public and private sector organizations must collaborate to bring many of these to fruition.

From offering reskilling programmes for non-technical job seekers interested in a career change to introducing upskilling initiatives for current security professionals, we can work together across industries and sectors to address the talent shortage in several ways.

Managing cyber risks requires support from qualified security professionals. Implementing strategies to retain skilled practitioners is crucial, yet more than half (54%) of organizations indicate that retaining security talent is challenging.

However, data shows that offering training and certification opportunities to existing security professionals benefit organizations and individuals alike. Nearly 95% of leaders say that industry certification programmes have positively impacted their organizations.

The Cybersecurity Learning Hub – led by the World Economic Forum with involvement from partners Fortinet, Global Cyber Alliance, and Salesforce – is an excellent example of a collaborative initiative that offers resources for learners of all levels, including educational content for those that may be interested in a professional role that advocates trust and security for a security-first culture in an organization and also technical-oriented, higher-level courses for current security professionals and their teams.

By delivering training that aligns with career and skill advancement opportunities, organizations are not only better protecting their organizations with the required talent needed, but also providing greater incentive to retain existing talent.

Historically, when looking to fill more technical roles, employers have sought “traditional” candidates with a four-year degree in cybersecurity or related work experience. But with the growing talent shortage, this recruiting approach must also be expanded to consider new talent pools and diverse expertise to help organizations fill unfilled positions.

It’s a pivotal time to find job seekers interested in learning new skills or changing careers. According to Pew Research Center, nearly 25% of workers said they were very or somewhat likely to seek a new job in the next six months. Meanwhile, some technology companies are reducing their payrolls as economic growth slows. These shifts allow organisations to find new candidates to fill vacant positions.

At the same time, increasing access to training can play a critical role in helping reskill individuals looking to enter the cybersecurity field. For job-seekers considering a career change, there is free training available from collaborative initiatives, such as the Cybersecurity Learning Hub, and vendors to better equip them to be successful in a career in the field and to determine the cyber career pathway that most interests them, ranging from a Security Awareness Specialist to Security Operations Center (SOC) Analyst or Cloud Security Specialist.

Given what's at stake regarding security incidents, organizations must ensure that all their employees, regardless of their industry or role, have fundamental cybersecurity knowledge and awareness to help them better assess and respond to potential attacks. It's no surprise that cybercriminals view an organization's employees as high-value targets, seeing as how 82% of breaches involved the human element.

Cyber attackers believe it’s relatively easy to manipulate an unsuspecting staff member into clicking on a link in a phishing email or unknowingly initiating a drive-by download. While these types of attacks might seem easy to avoid, cybercriminals are often victorious when using these methods – recent research shows that 81% of successful breaches came from phishing, password, and malware attacks.

There are many ways to implement a cybersecurity awareness training programme uniquely relevant to your organization. Some organizations design their own cyber education programmes, although many don't have the time, expertise, or desire to do so. In the latter's case, organizations and businesses can partner with a trusted cybersecurity organization that offers a cyber awareness training curriculum.

While businesses pursue digital transformation strategies, the threat landscape intensifies, and the cyber talent and resulting cyber skills gap grows. We must collaborate to retain current practitioners, attract new professionals to the field, and enhance cyber awareness among all individuals. A recent report found that 68% of organizations indicate they face additional cyber risks as a result of the talent shortage.

Cyber risks, such as breaches, impact critical infrastructures, operations and services that significantly impact our society’s daily lives. To help reduce the chances of disruptions to these crucial things, it is paramount that we work together today to develop creative strategies to grow the cybersecurity talent pool of the future.