During this pandemic, talent recruitment and retention for cybersecurity are no longer unidimensional challenges: here are some ideas to consider.
To thrive and survive in today’s increasingly connected world, organizations in the private and public sector are in hot pursuit of digital transformation but limited by the short supply of suitable cybersecurity professionals.
Cybersecurity is consistently rated as one of the most problematic skills shortage areas in the enterprise. According to the ESG (Enterprise Strategy Group), 76% of security professionals surveyed had indicated it was either extremely (18%) or somewhat difficult (58%) to recruit cybersecurity professionals.
Also, 57% of respondents had indicated that their organizations were impacted by the global cybersecurity skills shortage. Among those being impacted, 62% indicated that the skills shortage had increased the workload on existing staff, and 38% noted that the skills shortage had led to employee burnout and employee attrition.
Under significant resource pressure and battling relentless workloads, firms risk losing these vital personnel due to unaddressed burn out and stress.
To address the impact of digital transformation on cybersecurity, firms need to apply holistic thinking and proactive action.
Widening the talent search
As the cyber skills gap widens, enhancing the workforce is no easy task. Recruiting new cyber talent is not the sole answer.
To address the skills gap, organizations need to extend their talent pools in other ways. For example, as one survey showed, 43% of respondents were not being provided with inadequate security training resources. Implementing a clear career progression path for those taking on cybersecurity duties will help incentivize existing IT personnel to join the cybersecurity ranks.
To find more talent, firms also need to broaden the range of potential candidates and focus their recruitment efforts on those from non-technical backgrounds. They can consider candidates with the potential to work in a collaborative and smart way to solve problems. For example, ex-military veterans are problem solvers, ask the right questions, and perform well in strategic management roles, including the management and motivation of staff.
Similarly, firms need to empower women to join the cybersecurity workforce. Last year for example, only 30% of the cybersecurity workforce in the Asia Pacific region comprised women, despite the sector experiencing growth and a huge demand for new recruits.
Women represent a vast untapped resource, and organizations need to address the discrimination barriers that are discouraging women from working in this field.
Alongside improving recruitment engagement and outreach, organizations need to train and prepare employees for cybersecurity transformation. This includes introducing a broader base of professionals to educational opportunities previously reserved for cybersecurity analysts and other roles, while also training all employees on best practices for spotting risks such as phishing attempts.
Analyzing data from millions of users that have accessed security assets in Skillsoft’s learning experience platform Percipio, we found that 2021 has been a true inflection point for security learning and development in corporate environments.
Whether for professional development or career path enrichment, organizations and employees have been spending significantly more time in cybersecurity training than ever before. Since 2019, we have observed a 53% increase in the total number of hours that learners are dedicating to security training content and courses on an annual basis.
Organizations not investing in training and development programs for individuals from a non-technical background are taking a short-sighted approach: one that exposes the enterprise to greater risk as the threat landscape continues to evolve over the coming years.
Make cybersecurity everyone’s responsibility
Finally, a key aspect of tackling increasing cyberattack risks amid the cyber skills shortage is to increase cyber awareness for all employees. Many data breaches can be prevented by basic cyber hygiene.
Initiating regular short training sessions for the entire workforce can prime employees to recognize a threat and know who to alert. Training input needs to be relevant and reinforced regularly. Everyone must understand the latest threat trends and their responsibilities in relation to keeping company and customer data safe.
In the face of a persistent shortage of cybersecurity skills, companies must rethink people and resources to maximize their resilience to attack. From broadening their view of the workforce to developing new, previously untapped, candidate pools and extending cybersecurity awareness and training to the wider workforce, taking a more holistic approach can help organizations adapt and ensure the new digital workplace stays protected.