- Security TWENTY
- Women in Security
Tom Kranz, Director of Cyber Lab at 6point6, a technology consultancy, writes that the digital skills shortage is a permanent thorn in the cyber industry’s side that needs to be tackled now before it’s left to fester any longer and cause real long term damage.
Despite being exaggerated by many as a full-blown crisis, the talent shortage is actually something that needs properly addressing, not hyperbole. With hackers ramping up attacks and developing increasingly sophisticated tools and methods, organisations like Gartner have dubbed it as the top emerging risk facing organisations in a 2019 survey. The problem can’t be solved with technology, and so organisations need to prioritise their greatest resource: people. Skilled teams are vital to protecting against potential cyber threats and minimising the risk of disruption to businesses.
In the long run, this skills shortage could be detrimental to the wider UK economy; which could forfeit as much as £140 billion in GDP growth promised by investment in intelligent technologies if the digital skills gap fails to close, according to a report from Accenture. Estimates that there will be as many as three and a half million unfilled cyber security roles by 2021 indicates how quickly the industry is growing and how the cyber talent pool is struggling to provide enough talent to plug these gaps. With limited budgets and increased pressure from attackers, we’ll look at five ways we can tackle this skills shortage.
Integrate industry efforts
All businesses are struggling to find the right cyber security professionals, with the right skills for their organisation. Limited talent availability and high demand is naturally having an impact on compensation as well, adding financial pressures into the mix. While it’s easier for large corporations to snap up specialised security experts, and technology-based firms are attractive to younger cyber professionals, many small businesses are struggling to tap into such expertise. Industry bodies need to support organisations by pooling resources and talents, sharing best practices and research to reduce the need for organisations to have to hire their own specialists.
Invest in outside help
Boards and company executives will often benefit from support when ensuring they have a successful cyber security strategy; this includes making sure they have the right talent, budget and resources to address any potential gaps across the company.
Investing in outside help from specialised consultancies can provide valuable resource to senior decision makers as and when needed. Their flexibility and knowledge means they can do deep-dive audits into the cyber health of the business and work with the C-suite to develop cyber security strategies and responses, while offering support to solve any immediate cyber security vulnerabilities. This will also benefit permanent employees, as any consultancy should have knowledge transfer as part of their engagement scope, upskilling and training the permanent cyber staff.
Grow your own
Growing your own talent is a great way to build out cyber expertise that has the subject matter knowledge and industry experience that is directly relevant to your business. . As well as broadening the range of potential candidates, it ensures that businesses don’t run the risk of overlooking those who have the right skills and experience that can be developed. Just because they may not have prior degrees or direct qualifications from the industry doesn’t mean they can’t be trained and be the ideal fit for the cyber team.
A lack of training on offer in organisations will also hamper the level of cyber expertise and professional development is critical for cyber security workers in order to keep up with the fast-moving industry. Organisations need to prioritise training in order to upskill their current staff and nurture their own talent. Nothing is worse than investing heavily in cyber talent, only to have them walk out the door a year later because they felt their skills were stagnating.
We also need to look at long-term solutions to solving the digital skills gap and this has to start with introducing the younger generations to a career in cyber much earlier on. More education initiatives are needed to inspire young adults, starting in schools to show the various routes into the industry; whether via apprenticeships or degrees. It’s vital that education institutions and industry bodies start to speak to each other so they can jointly tackle the skills shortage at a grassroots level and ensure plans are in place to provide opportunities and experience to grow and nurture future talent. Merely having courses is not enough: this is an initiative that needs to work with industries to define clear career progression and job opportunities to really enthuse students to get into cyber.
Focus on leadership
Companies with the skills and expertise in the cyber industry need to be taking control of these initiatives: they have the talent, expertise and experience to drive the changes needed. Moving the focus away from buying technology and on to people, supported with training, best practice, and industry partnerships, is where the cyber industry needs to take a leadership role.
The vast majority of businesses already know that cyber criminals take advantage of under-staffed organisations, who lack the ability to be as quick and thorough in preventing, detecting and responding to cyber attacks. The root cause is not lack of awareness but lack of talent and resource, which can seem an impossible problem to solve on your own. But by working together we can raise awareness and combat the cyber skills shortage issue at every level; from schools and small businesses to large organisations and the Government.