Why closing the cyber skills gap requires a collaborative approach
The world faces a global skills shortage of nearly 4 million cybersecurity professionals. Image: Getty Images/iStockphoto
- There is a global skills shortage of nearly 4 million cybersecurity experts, with this deficit set to grow amid an increase in demand for cyber professionals.
- At the same time, almost 90% of organizations experienced a breach in the last year, which they can partially attribute to a lack of cybersecurity skills.
- The World Economic Forum's Strategic Cybersecurity Framework outlines why public-private collaboration is key to closing the cyber skills gap.
Organizations around the globe are evolving rapidly, embracing changing market demands, new technologies and fresh business models. Yet these shifts present unique challenges for the cybersecurity practitioners responsible for protecting their organizations, particularly as the ongoing skills shortage persists.
Recent data shows a shortage of nearly 4 million cybersecurity professionals worldwide. With a consistent year-over-year increase in the demand for qualified cybersecurity professionals, this deficit will only grow wider.
Have you read?
The impacts of the skills shortage are felt among businesses of all sizes across all industries. According to the Fortinet 2024 Cybersecurity Skills Gap Report, 87% of leaders said their organization experienced one or more security breaches in 2023.
More than half of those respondents indicated that breaches cost them more than $1 million in lost revenue, fines and other expenses last year.
Why industry needs new strategies for recruiting and hiring security talent
Despite these hurdles, there’s some encouraging news. More than 70% of security leaders said their board members are taking a greater interest in cybersecurity than before, which sets a foundation for organizations to dedicate more focus and resources to building a pipeline of cybersecurity talent.
A multi-pronged, collaborative approach is required, as outlined in the World Economic Forum’s Strategic Cybersecurity Talent Framework, which serves as a reference for public and private decision-makers committed to developing and nurturing cybersecurity talent across their respective sectors.
Below are three key areas on which organizations must focus to grow the cybersecurity workforce and fill critical positions.
Identify and recruit from fresh cyber talent pools
More than half of organizations struggle to recruit cybersecurity talent. And with an additional 4 million professionals needed to fill vacant cybersecurity roles, recruiting from new talent pools is vital.
The World Economic Forum’s Strategic Cybersecurity Talent Framework offers valuable guidance on attracting new talent to the profession, including prioritizing diversity and inclusion, hiring from underrepresented groups, partnering with academic institutions to attract qualified candidates, showcasing learning and career development opportunities, and developing in-house talent.
Many organizations are already implementing unique recruiting strategies to bring new talent to the field. More than 70% of IT decision-makers have structured recruiting efforts targeting women, and 60% have similar initiatives for minority candidates.
There are numerous public-private collaboration efforts in place as well designed to provide individuals of all backgrounds and career levels access to cybersecurity educational opportunities.
One example is the Cybersecurity Learning Hub, a World Economic Forum partner-led initiative managed by Fortinet, Salesforce and the Global Cyber Alliance. The hub features a library of career-oriented information, expert interviews and training modules – enabling every user to map their own learning and career path.
Offer continuous learning opportunities to existing employees
While recruiting new talent to the field is critical to shrinking the skills gap, organizations must also identify ways to retain current talent. This could be accomplished through upskilling current cybersecurity hires or reskilling individuals within the organization who possess key soft skills that can translate to a cybersecurity role.
Insights from a recent report make it clear that employees want to learn and grow: 50% of leaders say that a lack of training and upskilling opportunities is their biggest retention challenge.
Offering employees the chance to earn cybersecurity certifications is a great place to start and benefits both the individual and the organization. More than a third of cybersecurity professionals look forward to earning a certification, and 89% of IT leaders say they will pay for an employee to obtain these certifications.
Leaders hold certifications in high regard, noting that those employees who pursue these opportunities have increased skills and knowledge, perform job tasks better and grow their careers faster.
Develop a cyber-aware workforce
In addition to recruiting new cybersecurity talent, developing a cyber-aware workforce is a critical component of any risk management strategy. A recent survey found that 81% of organizations faced attacks that directly targeted users, such as malware, phishing and password attacks.
When employees know about common risks like phishing and social engineering, they can be a solid first line of defence against attacks. In the past year, 61% of leaders said their organization has discussed or implemented security awareness training programmes for all employees.
To create an effective security awareness education effort, leaders should establish a vision for the initiative, cover relevant topics and develop a long-term strategy for delivering new content and engaging with employees.
Public-private collaborations key to closing the cyber skills gap
Just as no single organization can disrupt cybercrime alone, public-private collaborations are important to our collective efforts to shrink the cybersecurity skills gap.
How is the Forum tackling global cybersecurity challenges?
This growing need motivated the World Economic Forum to establish the Bridging the Cyber Skills Gap initiative, which brought together more than 50 public and private organizations to create the Strategic Cybersecurity Talent Framework.
By working together, we can create and share actionable approaches to help every organization build a sustainable cyber talent pipeline.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
The Agenda Weekly
A weekly update of the most important issues driving the global agenda
You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.
More on CybersecuritySee all
Daniel Dobrygowski and Bart Valkhof
November 19, 2024