Another report, this time from the Department for Science, Innovation and Technology, finds that half of UK businesses that recruit people in cyber roles lack the appropriate skills – highlighting the impact of this skills shortage.
So how can businesses better retain and recruit the right cybersecurity professionals?
According to Claire Trachet, CEO of business advisor, Trachet and fractional CFO of global cybersecurity company, YesWeHack, many cybersecurity roles are in high demand, such as cybersecurity engineers, ethical hackers, and security software developers, and as such demand far outweighs the supply.
Trachet makes the point that skilled professionals remain increasingly necessary, with a new survey from PWC finding just under half (48%) of UK organisations believe a “catastrophic cyber-attack” is their top risk scenario, ahead of a global recession (45%) and the resurgence of COVID-19 (43%).
As a high priority for businesses, there needs to be a shift in how businesses approach closing the skills gap, going beyond finding existing people within the industry and instead looking for employees with transferrable skills. For instance, looking at a threat researcher, the skills for this role can come from people of various occupational backgrounds, such as teachers, barristers, and mechanics.
The UK government is looking to address this skills shortage and has recently kickstarted its ‘Upskill in Cyber’ programme, which aims to bridge the country’s digital skills gap and has seen a record number of applicants apply.
“The government programme serves as a vital way to give people the appropriate support to help them flourish and support the economy amidst a challenging outlook for other industries,” said Trachet.
Many companies are also using M&A to help bridge the talent gap.
“Corporations are actively leveraging M&A to fortify cybersecurity defences instead of opting for recruitment or training. There are countless examples, a few include Microsoft, Cisco, and FireEye which carried out key acquisitions of GitHub, Duo Security, and Mandiant respectively,” said Trachet.
“As many in the field know, the biggest issue encompassing the cybersecurity security sector is scaling and internationalisation – and this mainly comes from the increasing talent shortage. There are dozens of schools which have opened over the past few years on a global level, as well as scale-ups trying to address the training element through gamified training platforms, to address this and what we are increasingly seeing is larger companies looking to forge relationships with these institutions, be that through sponsorship, mentorship or specialised programmes. This means that they then have access to a new wave of talent that’s coming through in this sector.”
Innovative approaches are certainly going to be crucial in closing the skills gap in the cyber sector and being able to ‘think outside the box’ is going to be an additional skill that many companies will have to start to embrace as the race for talent accelerates.