How closing the cyber skills gap can help organizations build resilience

As the digital economy continues to grow at a rapid pace, cybersecurity professionals are critical to supporting today’s global economy. However, the industry is struggling to fill the large void in cybersecurity skills.

Our tech-enabled world requires skilled individuals who can assess, build, install, monitor and maintain the systems that underlie them. Staffing shortages are brought on by varying factors and, according to a poll conducted by MIT Technology Review Insights of global information technology (IT) leaders, 64% of respondents said that candidates lack necessary skills or experience.

Closing the cyber skills gap requires collaboration across public and private sectors through thoughtful investment in cultivating cybersecurity talent. As technology becomes increasingly integral to everyday life, cybersecurity has taken on a new-found importance to preventing theft of personal information to catastrophic infrastructure failures.

In addressing the cyber skills gap, organizations can improve cybersecurity posture and resilience through upskilling and reskilling their workforce, recruiting and training a diverse workforce and creating a holistic cybersecurity ecosystem.

Organizations have become increasingly dependent on technology and as those technologies become more complex, securing systems and networks is more difficult than ever as more security technologies and processes are needed to work with each other.

This dependence on technology means that organizations are competing with one another to acquire what scarce cyber talent is available, which causes cybersecurity salaries to escalate and makes it difficult for organizations to hire and retain many cybersecurity workers.

As technology evolves at a rapid pace with cybersecurity built-in rather than bolt in, it puts a heavy emphasis on the lack of cybersecurity talent as cyber threats grow at a commensurate rate.

The evolution of artificial intelligence (AI) and generative AI in particular could pose a threat, with a recent UK government report highlighting that AI could increase the risk of cyber attacks and erode trust in online content by 2025.

A lack of skilled cybersecurity professionals weakens organizations risk assessment and strategic planning, giving innovative cyberattacks and new malware a weaker and wider attack surface.

According to a survey conducted by Korn Ferry, companies could lose out on $8.5 trillion in annual revenue without the talented workforce required, and 85 million jobs may go unfilled by 2030 due to a lack of skilled workers.

Among the most important aspects to building an effective talent pool for cybersecurity is ensuring that there is a defined learning path and a defined career path for existing and future employees to fill the voids in niche security talent pools.

Building skills in-house through training and education programmes can help organizations establish and retain an effective and loyal cybersecurity talent pool. By building cyber skills internally, current employees can get up to speed and organizations can widen the pool of available cyber talent.

Furthermore, building out cyber skills internally can also decrease the chances of burnout for cybersecurity employees already working for your organization.

According to the World Economic Forum, a lack of diversity in science, technology, engineering and mathematics fields, particularly cybersecurity, is one of the leading contributing factors to the cyber skills gap.

Organizations should consider expanding their scope when seeking candidates outside of their existing talent pool. This can help build a diverse cybersecurity team with a diverse set of skills to increase an organization’s cybersecurity posture.

In addition, by focusing on the tasks at hand and the skills needed rather than the qualifications, organizations can find talented candidates who have skills that can be broadly applied to different fields of expertise, such as problem solving, time management and innovative thinking.

Long-term solutions are necessary to bridge the IT talent gap and cultivate candidates' skills through early-career programmes, which can increase diversity in the talent pool as well as improve retention.

For example, India-based multinational IT services and consulting company HCLTech has started to invest in young students through early-career programmes that provide on-the-job training, as well as offering financial support towards post-secondary education.

Schemes such as these train candidates to become valuable HCLTech contributors and focus on improving diversity and building a highly skilled workforce for the future.

According to an MIT poll, 32% of organizations that participated in the survey have an apprenticeship scheme, while 19% plan on implementing such a programme in the next two years.

After all, a better trained and younger workforce can greatly benefit the industry in the long term, while also boosting the cybersecurity posture of the organizations for which they work.