60% of global leaders struggle to recruit cyber security talent due to a skills shortage

80% of organisations suffered one or more breaches that could attribute to a lack of cyber security skills and/or awareness. It’s no secret that companies are facing a huge cyber security talent shortage. Unfortunately, speaking about the cyber security skills gap has not increased the cyber workforce and will not. Most cyber security professionals (95%) believe the skills gap has not improved over the past few years, and nearly half (44%) believe it has gotten worse, according to research from Information Systems Security Association (ISSA).

Cyber Magazine reported there are around 1.1 million people employed in cyber security in the US, however this is over 700,000 unfilled positions currently available. Worldwide, the cyber workforce shortfall is approximately 3.5 million people.

The Fortinet, 2022 Cybersecurity Skills Gap Global Research Report saw 60% of global leaders struggle to recruit cyber security talent and 52% struggle to retain qualified talent. 67% agree there is a shortage of qualified cyber security candidates which creates risks for their organisation with 76% board of directors now recommends increases in IT and cyber security headcount. 88% reporting that their board now asks questions specifically about cyber security.

To understand the four main issues on why cyber security leaders, see a skills shortage within their organisation, we have dived into this – 87% Of Cyber Security Leaders See A Skills Shortage Within Their Organisation.

Organisations making a difference

- Microsoft launched a national campaign within the US community colleges to help place 250,000 people into the cyber security workforce by 2025, representing half of the country’s labour shortage.
- Google ran a full-page ad in The Wall Street Journal stating they are training 100,000 Americans for vital jobs in data privacy and security, through the Google Career Certificate program.
- IBM is training 150,000 people in cyber security skills over the next three years, and they will partner with more than 20 historically black colleges and universities to establish cyber security leadership centres to grow a more diverse cyber workforce.

Four ways organisations can address the cyber security skills gap

There’s no way to bridge the cyber security skills gap overnight, but organisations can start making progress today by doing the following three things:

1. Tap into underrepresented communities.

Having a diverse and inclusive workplace is important not only ethically but also for improving employee morale, boosting innovation, and enhancing business success. Therefore, prioritise outreach to overlooked communities, where you can educate members of these communities on the incredible variety of opportunities in cyber security and show them how they can join the workforce. We have set out practical steps that organisations can take to embed diversity and inclusion in the workplace.

1. Build skills primarily in-house

Organisations can tap into a much larger pool of workers if they relax job requirements and instead plan on building cyber skills internally by providing training, education, and certification support for new employees to help get them up to speed. Enable new graduates and people transitioning from other careers that have an interest in and capacity for cyber security to learn and grow.

1. Support your existing talent

Burnout is rampant today at many organisations, especially when there is such a shortage of skilled people, it’s easy for anyone unhappy to leave and find a better opportunity elsewhere. However, there are also critical cyber security needs that must be met. Here are some strategies for supporting your existing workforce so they’ll be less likely to leave:

- Whenever feasible, automate routine tasks — especially those that are repetitive and boring or high stress. This helps reduce your labour needs and gives your employees interesting, lower-stress work to do.
- Consider using managed security services, particularly for off-hours monitoring, analysis, and incident response. Small organisations may want to outsource most of their security services altogether to reduce their need for dedicated cyber security staff and instead train their IT personnel to also handle occasional cyber security tasks.
- For particularly stressful or demanding positions, consider the possibility of job rotation. An example is rotating security operations personnel to a non-operations position after 12 or 18 months. This can help prevent burnout and allows people to build additional skills, making them more valuable to your organisation.
- When your employees are taking time off, sick leave or otherwise, let them be off work. Everyone needs a break from work; expecting employees to keep checking in with work while they’re off – and especially being on call or performing operational support — is unfair to them and will certainly foster resentment. This may be a major culture change for your staff but it’s likely to be well worth it, both for retaining existing staff and for attracting new employees.

1. Working with a specialist recruiter

As the Cyber Security market continues to grow, there remains a constant need for exceptional cyber professionals and as such, the market has continued to have a constant flow of new positions. Utilising a specialist Cyber Security recruiter, has significant benefits for clients and candidates. In our recent article we highlighted some of the reasons that you ought to use a specialist recruiter and the benefits that you will gain from having done so.

Subscribe To Our Newsletter

Candidate Journey and Demand

Via Resource also dived into the UK Cyber Security market to understand the level of demand for good candidates and whether the skills gap does exist. We had the opportunity to speak first-hand to candidates to find out their views on how the recruitment process has changed and to establish what candidates find attractive in employers and job opportunities. Overview of the results:

1. How candidates apply for a new role

Cyber security professionals apply for roles in a mixture of ways with LinkedIn being the most popular channel with 96% of the candidates initially discovering jobs or performing job related research via this channel. Using a recruitment consultancy comes second, 45% of candidates reported finding un-advertised Cyber Security roles where hiring organisations have chosen to be more discreet. Candidates also preferred not having to negotiate salary package with potential employers, this part of the process made many applicants feel uncomfortable. Other ways of applying for a new role include Indeed (31%), company website (31%), using their own network (18%), Jobsite (16%) and Total Jobs (16%).

1. What Candidates looking for in their role

We asked Cyber security professionals if they had to rank the most important thing, they look for in a new role the sequence is as followed:

1. Remuneration
2. Job Title
3. Job Benefits
4. Career Progression
5. Job Responsibilities
6. Skills
7. Training

Even with training being of the lowest importance to candidates 94% of candidates surveyed would be happy to take on additional training to learn skills.

The Cyber Security Skills Gap And How To Attract Candidates

If you are looking for your next cyber security employee, get help from the experts. Hiring Cyber Security professionals can help you store and protect your valuable business information and ensure it is secure and backed up in the event of a breach or cyberattack. This is where Via Resource can help to build your highly functional security team.