A new report by the Digital Transformation Institute at technology and outsourcing firm Capgemini has highlighted a cybersecurity talent gap, calling for new recruitment and retention strategies to help organisations contain cyber risks.
A survey of over 1,200 senior executives and front-line employees, Cybersecurity Talent: The Big Gap in Cyber Protection found that 68% of organisations reported a high demand for cybersecurity skills compared to 61% demanding innovation skills and 64% analytics skills.
“The cybersecurity skills gap has a very real effect on organisations in every sector,” said Mike Turner, chief operating officer of Capgemini’s Cybersecurity Global Service Line. “Spending months rather than weeks looking for suitable candidates is not only inefficient it also leaves organisations dangerously exposed to rising incidents of cybercrime. Business leaders must urgently rethink how they recruit and retain talent, particularly if they wish to maximise the benefits from investment in digital transformation.”
The demand for cybersecurity skills is predicted to grow over the next three years with 72% of respondents predicting high demand for cybersecurity in 2020.
The results of the study indicate that in order to close the cybersecurity skills gap, companies need to prioritise four main actions, as follows:
1. Integrate security
Companies need to assess how well security is integrated across the organisation.
“It’s important to make the organisation as a whole better at cybersecurity, aligning the enterprise with principles and processes that are secure from the ground up,” said Turner. “Get the basics right, in terms of application development. Develop secure code. Make your network engineers and cloud architects better at securing the cloud. That’s a good way to fight the skills gap, because it teaches the organisation to be secure by design.”
2. Maximise existing skillsets
“Another priority is to look at the, as yet, unrecognised cybersecurity skills that lie within,” said Turner. “Half of all employees are already investing their own resources to develop digital skills, showing an appetite to upskill. Organisations that struggle to recruit externally may be able to uncover candidates with adaptable skillsets who can be trained. Those functions with complementary and transferable skills include network operations, database administration and application development.”
Companies should look at the requirement to embed security into every service and application and hire business communicators to complement the technical skills in their team.
3. Rethink recruitment strategies
Organisations need to think beyond the normal recruitment strategies and understand the root skills of cybersecurity.
“Thinking outside the box is about understanding transferable skills,” said Turner. “For example, people on the autism spectrum are fantastic at pattern spotting and are often blessed with numerical and problem-solving skills, attention to detail and a methodical approach to work – all useful traits for cybersecurity best practice.”
4. Strengthen retention
Organisations need to look at engagement of existing employees to ensure talent gaps don’t worsen.
The report reveals that cybersecurity employees value organisations that offer flexible working arrangements, encourage training and prioritise accessible career progression.
A copy of Cybersecurity Talent: The Big Gap in Cyber Protection is available to download here.