In the first WEF Global Cybersecurity Outlook flagship report, released earlier this year, 59% of respondents said they would find it challenging to respond to a cybersecurity incident due to a shortage of skills within their team.
Fortinet’s 2022 Cybersecurity Skills Gap Global Research Report echoes this finding, saying 67% of leaders worldwide are concerned that they face additional risks due to cybersecurity skills gaps.
Fortinet finds that 80% of organisations suffered one or more breaches that they could attribute to a lack of cybersecurity skills and/or awareness, with 60% saying they struggle to recruit cybersecurity talent and 52% struggling to retain qualified people.
The five biggest skills gaps were for cloud security specialists, security operations centre analysts, security administrators, security architects, and security awareness and training administrators.
In South Africa, the department of communications & digital technologies recently noted the country’s major cybersecurity skills shortage, and efforts by the Banking Sector Education and Training Authority (BankSeta) and the South African Banking Risk Information Centre (Sabric) to address it.
The skills gap isn’t new – as far back as 2018, it was reported that around a million cybersecurity jobs were unfilled, which was expected to top 3.5 million by 2021. The gap was so bad that students were being recruited to defend organisations, it was reported, while graduates could command six-figure salaries in the US.
Recently, Fortune magazine quoted recruiting firm Mondo as saying cybersecurity professionals can earn up to US$225 000 in some positions. It’s no wonder then that finding and retaining the right skills is challenging for organisations paying in rands, when global work and gig work is offering six-figure salaries in dollars, pounds or euros.
Adding to this challenge is the fact that understaffed and overworked cybersecurity teams are a significant business risk.
Below are three key ways companies can work to overcome the cybersecurity talent gap.
Upskill
Upskilling existing workforces has to be a priority for every organisation. Technology changes all the time, and threats are continually evolving. Organisations need to invest in continuous learning and certification programmes for their employees, to keep them relevant.
Reskilling programmes within the organisation can offer cybersecurity training to employees who are interested in changing direction within the organisation. This not only builds much-needed skills within the business, it also improves staff loyalty and retention.
In addition, focusing on cybersecurity awareness and training across the organisation can help to reduce risk and the burden on cybersecurity teams.
Outsource
Managed security services and security operations centre services are a critical resource for organisations grappling with skills shortages. With managed security services backing them up, in-house security teams are relieved of much of the pressure they’re under, and the organisation gets highly qualified and certified cybersecurity professionals at their disposal – with no chance of them being poached.
Automate with AI
Advanced solutions incorporating AI, machine learning, analytics and global threat intelligence enable a level of visibility and defence in depth that humans alone cannot achieve. Proactively mitigating risk, threat hunting and slashing the number of false positive alerts, these solutions don’t miss the threats that busy cybersecurity professionals might.
- The author, Wayne Olsen, is managing executive: cybersecurity, at BCX
- This promoted content was paid for by the party concerned