Forum Institutional

How more diverse recruitment can help close the cybersecurity talent gap

There is a talent gap of 3.4 million global cybersecurity professionals.

There is a talent gap of 3.4 million global cybersecurity professionals. Image: rawpixel.com.

Michael Alicea
Chief Human Resources Officer, Trellix

Listen to the article

  • Cybersecurity professionals play a critical role in protecting society.
  • As the volume of threats increases, leaders face a workforce deficit, with demand for talent in the cybersecurity industry far exceeding supply.
  • By improving diversity and inclusion we can help close the talent gap.

Cybersecurity’s mission is simple: to protect people. Our industry defends against criminals attempting to steal data, gain money, or create distress. We prevent hackers from shutting down vital medical services, critical public utilities and ransoming private records. We stop nefarious access to voting systems meant to impede the free will of democracy.

Cybersecurity professionals are the unseen heroes keeping the inner mechanisms of society running. And as the volume of threats increases, cybersecurity leaders face a workforce deficit. This talent gap of 3.4 million global professionals, estimated by ISC2, places our industry – already square in the crosshairs of cyber criminals – at a crossroads. Our demand for talent far exceeds our supply.

Our inability to attract and retain qualified employees, our lack of diversity, and the challenging nature of security operations will widen this gap further unless we act now.

Have you read?

Costly cybersecurity skills gap

A survey by Trellix and Vanson Bourne shows that 85% of respondents believe the workforce shortage is impacting their organization’s ability to secure their networks. The survey included 1,000 cybersecurity professionals across nine countries.

Meanwhile, the Ponemon Institute found that the average cost of a single data breach in 2022 was $4.35 million. The demand for cybersecurity talent capable of reducing breaches and their costs is a global crisis, impacting both private and government sectors.

Lack of diversity and inclusion

The industry's workforce is homogenized – 64% identified as white, 78% male, 95% with a bachelor's degree, and 85% in IT, computer science, or technology major. Women, non-binary people, people of colour, our LGBTQ+ community and a variety of educational backgrounds, cultures, and countries are greatly underrepresented.

Cybersecurity hiring practices lean heavily toward four-year degrees, excluding qualified people who lack schooling but have earned certifications or completed other vocational training. Around 56% of security professionals believe people don’t need university degrees to have a successful career in cybersecurity. By contrast, cybercriminals hone their methods from diverse backgrounds without barriers such as education prerequisites.

56% of security professionals believe people don't need university degrees to have a successful career in cybersecurity.
56% of security professionals believe people don't need university degrees to have a successful career in cybersecurity. Image: Trellix.

Attrition due to stress

As the volume and complexity of threats increase, so does cybersecurity talent attrition. Security teams try to make sense of a relentless barrage of alerts. Long work hours of constant stress affect those who otherwise find their career meaningful—almost a third of the current workforce plans to change professions in the future. Increased workloads on existing staff lead to higher burnout rates while cybersecurity jobs remain open.

While there are no simple solutions to these severe challenges, new approaches within the industry and government initiatives can boost training, hiring, and retaining cybersecurity talent to make up ground against the gap.

Invest in people as the future of cybersecurity

By putting people at the heart of cybersecurity, we can pave a path for more people to do soulful work.

92% of security professionals agree that cybersecurity is purposeful, soulful work that motivates them.
92% of security professionals agree that cybersecurity is purposeful, soulful work that motivates them. Image: Trellix.
  • Start early: We can positively expose our primary school children to cybersecurity early through age-appropriate curriculums. This could look like students doing coding activities in class or later in school, running the school’s network. It requires a review of cybersecurity education funding.
  • Increase scholarship funding: Let’s increase scholarship funding and internship programmes, particularly at historically Black colleges and universities, liberal arts schools, and community colleges. This would enable more female and minority students to take advantage of academic opportunities and sharpen their cybersecurity skills.
  • Activate mid-career recruiting: We can create more avenues for early and mid-career professionals to attract more experienced professionals into a career change. Around 92% of security professionals believe that more mentorships, internships, and apprenticeships would encourage people from diverse backgrounds to enter cybersecurity.
  • Retain experience: Let’s not forget the talented professionals already working within the field. We must optimize our investment in their careers by solving internal frustrations such as pay gaps, unfriendly environments, lack of recognition for the positive work they do in society and lack of modern tools.
92% of security professionals believe that more mentorships, internships, and apprenticeships would encourage more people from diverse backgrounds to enter cybersecurity.
92% of security professionals believe that more mentorships, internships, and apprenticeships would encourage more people from diverse backgrounds to enter cybersecurity. Image: Trellix.

Revolutionize security operations

Scaling our cybersecurity teams isn't all the work that needs to be done. Workloads must be reduced. Security operations leaders can support their teams by embracing automation and an extended detection and response (XDR) architecture to do their jobs more efficiently and effectively. Other industries have enterprise platforms, but cybersecurity has not adopted one yet. Moving to an open XDR platform is the revolutionary solution needed.

There’s a clear path forward to solving our lack of diversity and overcoming our talent deficit. It involves attracting more bright individuals across genders, races, ages, ethnicities, and orientations. It includes enticing more skilled workers in search of more purposeful careers and more fulfilling lives.

We can meet the moment by creating pathways for people from diverse backgrounds and equipping security operation employees with the tools they need to make their jobs and lives easier.

Discover

How is the Forum tackling global cybersecurity challenges?

Loading...
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Jobs and Skills

Related topics:
Forum InstitutionalJobs and the Future of WorkCybersecurity
Share:
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

Davos 2025: How to follow the Annual Meeting on our digital channels

Beatrice Di Caro

December 17, 2024

The other 51 weeks: what happens before and after Davos?

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum