Cybersecurity Skill Crunch

While a new enterprise falls prey to ransomware every 11 seconds, the world faces a cybersecurity skill shortage by 1.8 million

Work-from-home, digital transformation, and increased technology investments are all driving cyber security industry through the roof, except for a huge snag – shortage of skills. Industry estimates suggest that there are around 3 million skilled cybersecurity professionals worldwide and over 60% more are required to address the global needs of businesses and governments. Global cybersecurity skills gap is leaving critical systems and infrastructures under-protected. It is estimated that the digital economy is worth US$11.5 trillion globally, equivalent to 15.5% of global GDP; it has grown two and a half times faster than global GDP over the past 15 years – this has also increased vulnerabilities from cyberattacks and ransomware.

All Are Vulnerable

The cybersecurity industry has been experiencing rapid global growth for the past decade and, with many companies forced to transition to online, the pandemic only increased this urgency and the relevance of the industry. According to a Gartner report, end-user spending for the information security and risk management market is predicted to become a US$207.7 billion market by 2024. This is opening up exciting opportunities for cybersecurity professionals across every industry vertical.

The pandemic has accelerated digital transformation and companies are no longer using technology only to cut costs, but to create new revenue streams and increase profits. This is not surprising because technology is at the core of many technology companies’ businesses, but it also makes them more vulnerable to cyber threats, as they must protect more systems than other sectors. Being one of the most advanced sectors has been a greater strength for the technology sector in recent years, considering the central role of technology, but it has also become a weakness when it comes to the need of cyber protection.

A Costly Affair

According to Cybersecurity Ventures, unabated high profile cyber-attacks will cause cybercrime costingUS$6 trillion in 2021, anda new enterprise will fall prey to ransomware every 11 seconds. This is resulting in significant spending on cybersecurity. Research firm Gartner forecasts that cybersecurity spending will crossUS$150 billion in 2021, a spike of 12.4% over the preceding year. Global venture funding for the cybersecurity industry hit an all-time high in 2020, reaching US$7.8 billion. Till date, about 1,500 cybersecurity companies have received venture funding since 2017 and none have exited yet.

Exponential increases in cybersecurity attacks are nothing new. In fact, if you cast your eyes back to 2017-2019, attacks like malware in mobile increased by over 50%, over 40% of commercially available IoT devices had some form of a security breach, and applications like cryptocurrency coin mining quadrupled in cyber-attacks. Cybersecurity spending in countries like the US also increased over US$14 billion in 2019. As we approach 2020 year-end, the worry of going into some form of lockdown as a result of increased spikes in COVID-19 puts further fuel on increased cyber-attacks. Just in the past two months, we have seen attacks on organizations like NATO (i.e., phishing) and the International Maritime Organization (IMO), the U.N.’s shipping agency (i.e., a sophisticated cyberattack that disabled its website and intranet).

However, as businesses and cybersecurity vendors play the cat-and-mouse game with hackers, there is significant pressure on both enterprises and vendors having the right level of resourcing and skills across their security, operations, marketing, and development functions.

Where Are the Specialists?

Despite the galloping demand for cybersecurity professionals, the industry is continuing to face a resource crunch. Improper cybersecurity job listings have been cited as one of the reasons for limiting the available talent pool. For example, job listings often require a four-year degree, security certifications, and significant previous experience, but many successful employees can pick up these skills on the job.

From a geographical viewpoint, the majority of resourcing gaps seem to be in Asia, followed by the US and Europe. It has long been a problem to fill cybersecurity roles. The industry is fraught with steep and often unnecessary certification mandates and training requirements that often are barriers to entry.

The cybersecurity segment is still regarded as a ‘high-end’ specialist area, which is highly fragmented in terms of discipline areas requiring various accreditations and specialist skills. As a result, the quality of training offered in the market is often mixed, resulting in individuals entering the field with an unclear career path to follow.

The changing, complex landscape in cybersecurity, as well as technology covering areas like Cloud, networks, data privacy, analytics, AI, regulation and compliance, research, and implementation, makes it difficult to recruit high-calibre individuals to fill these roles successfully. The cybersecurity segment is not as diverse in terms of male/female ratio as some other emerging areas like digital, thus limiting access to a large, skilled resource pool. Cultivating talent via apprenticeships, or providing on-the-job training are great ways to expand the candidate pool.

According to the World Economic Forum, the future value of a career in cybersecurity looks strong, the Forum’s Global Future Council on Cybersecurity is developing recommendations on cybersecurity certification, due for release later in 2021, that put professional skills and people at the centre of an ecosystem of secure devices and services. Cybersecurity skills will not be automated out of existence.