Why closing the cyber skills gap requires a collaborative approach

Organizations around the globe are evolving rapidly, embracing changing market demands, new technologies and fresh business models. Yet these shifts present unique challenges for the cybersecurity practitioners responsible for protecting their organizations, particularly as the ongoing skills shortage persists.

Recent data shows a shortage of nearly 4 million cybersecurity professionals worldwide. With a consistent year-over-year increase in the demand for qualified cybersecurity professionals, this deficit will only grow wider.

The impacts of the skills shortage are felt among businesses of all sizes across all industries. According to the Fortinet 2024 Cybersecurity Skills Gap Report, 87% of leaders said their organization experienced one or more security breaches in 2023.

More than half of those respondents indicated that breaches cost them more than $1 million in lost revenue, fines and other expenses last year.

Despite these hurdles, there’s some encouraging news. More than 70% of security leaders said their board members are taking a greater interest in cybersecurity than before, which sets a foundation for organizations to dedicate more focus and resources to building a pipeline of cybersecurity talent.

A multi-pronged, collaborative approach is required, as outlined in the World Economic Forum’s Strategic Cybersecurity Talent Framework, which serves as a reference for public and private decision-makers committed to developing and nurturing cybersecurity talent across their respective sectors.

Below are three key areas on which organizations must focus to grow the cybersecurity workforce and fill critical positions.

More than half of organizations struggle to recruit cybersecurity talent. And with an additional 4 million professionals needed to fill vacant cybersecurity roles, recruiting from new talent pools is vital.

The World Economic Forum’s Strategic Cybersecurity Talent Framework offers valuable guidance on attracting new talent to the profession, including prioritizing diversity and inclusion, hiring from underrepresented groups, partnering with academic institutions to attract qualified candidates, showcasing learning and career development opportunities, and developing in-house talent.

Many organizations are already implementing unique recruiting strategies to bring new talent to the field. More than 70% of IT decision-makers have structured recruiting efforts targeting women, and 60% have similar initiatives for minority candidates.

There are numerous public-private collaboration efforts in place as well designed to provide individuals of all backgrounds and career levels access to cybersecurity educational opportunities.

One example is the Cybersecurity Learning Hub, a World Economic Forum partner-led initiative managed by Fortinet, Salesforce and the Global Cyber Alliance. The hub features a library of career-oriented information, expert interviews and training modules – enabling every user to map their own learning and career path.

While recruiting new talent to the field is critical to shrinking the skills gap, organizations must also identify ways to retain current talent. This could be accomplished through upskilling current cybersecurity hires or reskilling individuals within the organization who possess key soft skills that can translate to a cybersecurity role.

Insights from a recent report make it clear that employees want to learn and grow: 50% of leaders say that a lack of training and upskilling opportunities is their biggest retention challenge.

Offering employees the chance to earn cybersecurity certifications is a great place to start and benefits both the individual and the organization. More than a third of cybersecurity professionals look forward to earning a certification, and 89% of IT leaders say they will pay for an employee to obtain these certifications.

Leaders hold certifications in high regard, noting that those employees who pursue these opportunities have increased skills and knowledge, perform job tasks better and grow their careers faster.

In addition to recruiting new cybersecurity talent, developing a cyber-aware workforce is a critical component of any risk management strategy. A recent survey found that 81% of organizations faced attacks that directly targeted users, such as malware, phishing and password attacks.

When employees know about common risks like phishing and social engineering, they can be a solid first line of defence against attacks. In the past year, 61% of leaders said their organization has discussed or implemented security awareness training programmes for all employees.

To create an effective security awareness education effort, leaders should establish a vision for the initiative, cover relevant topics and develop a long-term strategy for delivering new content and engaging with employees.

Just as no single organization can disrupt cybercrime alone, public-private collaborations are important to our collective efforts to shrink the cybersecurity skills gap.

This growing need motivated the World Economic Forum to establish the Bridging the Cyber Skills Gap initiative, which brought together more than 50 public and private organizations to create the Strategic Cybersecurity Talent Framework.

By working together, we can create and share actionable approaches to help every organization build a sustainable cyber talent pipeline.