Closing the cybersecurity skills gap has been a topic of interest for a number of years with many organizations reporting on its slow decline. According to (ISC)2’s 2021 Cyber Workforce Report, the global cybersecurity workforce needs to grow 65 percent to effectively defend organizations’ critical assets. While the number of professionals needed to fill the gap has decreased from 3.12 million down to 2.72 million in the past year, this is still a significant void that leaves organizations vulnerable.
There is a lot to be learned from the skills gap. Today, Fortinet released the 2022 Cybersecurity Skills Gap Global Research Report that uncovers the impact the skills gap is having on organizations around the world. From the survey’s findings, five top themes have emerged:
- Cybersecurity affects every organization
- Recruitment and retention of talent is a problem
- Organizations are looking for individuals with certified skills
- Organizations are looking for more diversity
- Raising cybersecurity awareness remains a key challenge
The survey was conducted in January and February of 2022 and included more than 1200 IT and cybersecurity decision-makers from 29 different locations. There was an even split between the respondents in four regions: North America, EMEA, APAC and LATAM.
How Cybersecurity and the Skills Gap Affect Every Organization
A staggering 80% of organizations experienced at least one breach during the last 12 months that they could attribute to a lack of cybersecurity skills and/or awareness. Almost 20% suffered five or more breaches.
Figure: Number of breaches in the last 12 months
If that weren’t enough, 64% of organizations experienced breaches that resulted in lost revenue and/or cost them fines. Of those, 38% reported breaches that cost them more than a million dollars (USD).
How is the Skills Gap Creating Cyber Risk?
According to the survey respondents, a key factor contributing to the breaches is that organizations struggle to find and retain certified cybersecurity people. 67% of global leader respondents indicate that the skills shortage creates additional cyber risks for their organization.
Recruitment and Retention Are Key Challenges Causing the Skills Gap
Organizations need qualified cybersecurity professionals now more than ever, which is why 76% of organizations indicate that their board of directors now recommend increases in IT and cybersecurity headcount.
Figure: Board members who recommend increases in IT and cybersecurity headcount
Most would hope that increasing hiring could be an easy fix to this problem. However, 60% of organizations indicated that they struggle to recruit cybersecurity talent and 52% struggle to retain it.
Another key challenge for recruitment is that organizations need to hire people for a broad range of security and IT network-related roles and specializations. Cloud security specialists and security operations (SOC) analysts remain among the most sought-after roles in cybersecurity, followed closely by security administrators and architects. But organizations aren’t just looking to ramp up hires arbitrarily. They’re deliberately trying to build teams of specialized talent who are equipped to handle an increasingly complex threat landscape.
Finding Qualified People is a Challenge for the Skills Gap
Globally, 50% of organizations seek cloud security specialists, a priority that’s likely informed by how rapidly companies moved their operations to the cloud during the pandemic.
The challenge is finding the right people.
Figure: What roles are organizations looking for?
What Skills Are Needed to Work in Cybersecurity?
Central to the challenge of recruiting and retaining cybersecurity talent is the importance of certification. Certified professionals are universally sought after with 95% of decision-makers sharing that technology-focused certifications positively impact both their role and their team.
Organizations Are Looking for Certified Skills
As such, 81% of leaders prefer to hire people with certifications.
However, 78% indicate it’s hard to find certified people. This may contribute to the fact that globally 91% of organizations say they are willing to pay for an employee to achieve a cybersecurity certification.
Figure: Organizations would pay for an employee to get a cybersecurity certification
The preference to hire certified people may be because organization leaders followed that same path themselves:
- 86% of decision-makers report having earned technology-focused certifications
- 88% report having other people with certificates on their team
Certification is an Opportunity Given the Skills Gap
As noted above, global leaders identified the struggle to find and retain certified cybersecurity people as a key factor contributing to breaches. This may also influence an organization’s hiring strategy, with a tendency to lean towards professionals whose certifications correspond to the positions they are attempting to fill.
Closing the Cybersecurity Skills Gap by Prioritizing Diversity
The challenge isn’t just hiring more people, but also building more capable and more diverse teams. While enterprises need qualified talent for a range of different roles, 89% of global companies also have explicit diversity goals as part of their hiring plan.
7 out of 10 leaders worldwide say hiring women and new graduates are among their top three challenges. 61% say hiring minorities is also a top three challenge.
Despite the challenges, or perhaps because of them, three out of four organizations implemented formal processes to hire more women, and nine out of 10 actively engaged women and new graduates during the last three years. 59% of companies have structures in place to hire minorities, and 51% for hiring more veterans.
Figure: Hiring from these populations is a top three challenge for organizations
Raising Cybersecurity Awareness to Close the Skills Gap
Even though the recruitment, retention, and certification of a cybersecurity team is vital, companies cannot realistically protect themselves until they also raise the cyber awareness of all employees. That requires ensuring that all employees, at all levels and all roles within the organization, have the knowledge and awareness to protect themselves and their organization’s data. Until they do, breaches will always be likely.
87% of organizations implemented a training program to increase cyber awareness. However, 52% of leaders continue to believe their employees still lack the necessary knowledge. This raises the question of the effectiveness of the programs that organizations currently have in place.
Figure: Employees lack knowledge when it comes to cybersecurity awareness
For those that don’t have a program in place, 66% report they are currently looking for a program that would suit their needs.
The Power of People Can Help Close the Skills Gap
Cybersecurity can sometimes feel like a purely technological domain. But when you look past the technology that organizations rely on, cybersecurity is all about how well your employees work together to protect the organization.
Fortunately, organizations are making deliberate efforts to improve on all these fronts. However, it is imperative to remember that the cyber battle isn’t won on any one front. Cybersecurity requires an entire system of people and technology working together to protect an organization.
That starts with people who are empowered, qualified, and certified to protect the organization.