How Can Businesses Close Their Cybersecurity Skills Gap?
Focus on building in-house skills as much as hiring externally to boost company's cybersecurity skills.
February 17, 2023
By Diana Gayri
Diana Gayri
Businesses already faced with a number of challenges now face a growing cybersecurity skills gap.
According to Fortinet’s 2022 Cybersecurity Skills Gap (PDF) report, 80% of businesses have had at least one cybersecurity breach due to the lack of cybersecurity skills or awareness. As well as this, 64% have lost revenue or paid fines as a result of the breaches, and 67% of respondents recognised that the shortage of qualified cybersecurity candidates increases the risk of an attack. This should be a warning sign to businesses that they must work to close this gap, but what steps can they take?
Educate and Train Your In-House Talent
The Cyber Security Skills in the UK Labour Market 2022 (PDF) study from the Department for Digital, Culture, Media & Sport, cites that 51% of businesses in the UK currently have a basic skills gap. This leaves business open to breaches from threat actors. Yet, according to TD Synnex’s Technology Ecosystem Benchmark Report, half of partners see cybersecurity as one of their most important solution areas and aim to expand their expertise in this area.
When beginning to teach employees about cybersecurity, many partners have launched online courses as a starting point. These courses include training on cybersecurity fundamentals to gain a foundational understanding of cybersecurity, including definitions, common attack methods and how to implement cybersecurity protection. This can empower employees to detect current and potential requirements of end customers and to forward this information to specialists that can help fulfill these needs.
Organisations should focus on building their in-house skills as much as they think about hiring externally. This is the only logical approach, given there aren’t enough people with cybersecurity skills in the marketplace anyway, meaning that hiring will only get you so far. In order to do this, organisations must incentivise their employees to complete cybersecurity courses and invest their time in learning, so that their in-house talent have the necessary industry-recognised certifications.
Recruit the Right Talent Now and in the Future
The size of the global cybersecurity workforce has currently reached 4.7 million people, but there is still a global gap of 3.4 million cybersecurity workers, according to ISC’s Cybersecurity Workforce Study 2022 (PDF). Yet, global demand for cybersecurity experts is forecast to outstrip supply by a third before the end of the decade, according to Kaspersky (PDF).
Looking more globally, Cybersecurity Ventures found that the number of unfilled cybersecurity jobs grew by 350% to 3.5 million in 2021, from one million positions in 2013. By 2025, it’s predicted there will still be 3.5 million open roles in this industry. Finding and retaining the right talent is essential to ensure that the cybersecurity skills gap closes and remains that way.
There is also a discrepancy between the number of women and men in cybersecurity roles. The Women in Cybersecurity 2022 Report (PDF) has found that women hold 25% of cybersecurity jobs globally in 2022. It has been forecast that women will represent 30% of the global cybersecurity workforce by 2025, and 35% by 2031. Positively, this is up from previous years. In 2019 women held 20% of cybersecurity jobs, up from 10% in 2013. However, more can still be done in the industry to encourage women to apply for and hold these roles.
Make Smart Talent Investments
A good starting point is to lower the high barriers to entry where it is expected that those applying for roles have decades of experience to even be considered for a position. This has led to a shortage of talent in the market, as positions aren’t being filled.
To overcome this, the industry should become more open-minded and flexible to employing people who have varied experience but are willing to learn. Businesses must be open to support the development of new talent in the industry, through education, training and certifications. Teaching employees about cybersecurity is an effective way to directly close the gap.
Businesses need to realise that hiring alone cannot close the cybersecurity skills gap, especially when the people needed to fill this gap simply do not exist. Organisations must invest in their employees and help them to develop their skills through education, training and industry-recognised certifications.
When so many cyberattacks rely on human error, this is one of the most effective investments any organisation will make in their security practice as a whole. The skills gap must be taken more seriously by businesses, and partners need to make a more concerted effort to support their customers through training alongside deploying cybersecurity solutions.
Diana Gayri is manager for European Competence Centre Security and Networking at TD Synnex. She is a certified and experienced cybersecurity professional with a history of working in the information technology and services industry. She specialises in developing the go-to-market strategies and enablement programs for the channel. You may follow her on LinkedIn or @TDSYNNEX on Twitter.
You May Also Like