Hiring and retaining proficient cyber security talent will be one of the top challenges for businesses this year.
This is according to the World Economic Forum (WEF) Global Cyber Security Outlook 2023. It warns the lack of skilled cyber security experts is a threat to business and societies, with key sectors − such as energy utilities − reporting a 25% gap in critical skills.
This talent crunch, WEF cautions, is a key challenge for managing cyber resilience, and more needs to be done to increase the flow of cyber security talent into the workforce.
The shortage is a growing concern globally, according to ISC2, a non-profit organisation specialising in training and certifications for cyber security professionals, which says there is a worldwide gap of 3.4 million cyber security workers.
In its outlook, WEF says organisations are competing for talent by paying more to the same small pool of people.
This, it says, exacerbates the staff shortage by creating a high turnover of cyber security experts from company to company. “Paying more is a stopgap that will not solve the longer-term problem.”
The organisation says a broad solution to increase the supply of cyber professionals is to expand and promote inclusion and diversity efforts within cyber recruitment.
“Underrepresented groups in cyber security − such as women, people of colour and those with informal education − have been continually discouraged from technical careers through societal expectations and perceptions of cyber security work culture.
“This is not a simple solution. As a first step, it requires broadening the narrative about who can work in cyber security so that people with non-technical backgrounds, as well as those outside of the traditional education system and from underrepresented groups, understand there are currently roles for them as well and that it is possible to retrain for technical roles in the near future.”
According to the WEF outlook, many cyber security roles can be learned on the job or through apprenticeships.
“Democratising access to cyber security career paths has the potential to be a social good, supporting reskilling of sections of the workforce.”
However, WEF cautions, capitalising on the increased interest in cyber security is also likely to require greater collaboration between organisations.
It says: “Even high-quality apprenticeship and training programmes run by individual organisations, such as the Absa Cyber Security Academy in South Africa, have encountered difficulties scaling to large numbers.”
The Absa Cyber Security Academy runs a programme aimed at empowering marginalised South African youth, who would otherwise not have access to tertiary education. The learners who participate become certified cyber security specialists.
Turning to other concerns anticipated in the near future, WEF says: “86% of business leaders and 93% of cyber leaders believe global geopolitical instability is likely to lead to a catastrophic cyber event in the next two years.”
WEF says most participants in its study, across all sizes of organisations, stated geopolitical instability had influenced their cyber security strategy.
“Respondents who reported successful changes in their cyber security strategy also said they had organisational structures in place that supported interaction among cyber leaders, business leaders across functions and boards of directors. These structures encouraged collaboration on digital resilience across business activities.”
It urges organisations to embed cyber risk in decision-making, saying: “Organisations that have embedded discussions on cyber risk into their decision-making structures are more confident in their cyber resilience and feel better able to recover from a major cyber attack. Cyber security is as much an organisational challenge as a technical one.”
WEF notes the 2022 Global Cyber Security Outlook report highlighted “a clear disparity in how business executives and cyber executives described the integration of cyber resilience into enterprise risk management strategies”.
However, it points out: “The 2023 survey findings illustrate a narrowing of that perception gap, with 95% of business executives and 93% (up from 75% in the 2022 edition) of cyber executives agreeing cyber resilience is integrated into their organisation’s enterprise risk-management strategies.”
Share