Majority of companies now hit by a cybersecurity skills gap

22 February 2018 6 min. read

According to a new study, the UK has the world’s third largest cybersecurity talent pool. However, almost seven in every ten organisations are reporting high demand for cyber skills, while a meagre four in ten already have those skills present within the company today.

Global organisations have been warned they must consider new recruitment and retention strategies, in order to contain cyber risks, which remain a prominent threat to business in 2018. While last year saw a series of systemic breaches – with global institutions like the NHS, and consulting industry giants like Deloitte among those falling foul of cyberattacks – the new year has already seen a series of high profile hacks, including the Winter Olympics hacked cloud service provider, Atos.

A new report by Capgemini’s Digital Transformation Institute has highlighted an urgent and growing cybersecurity talent gap. The study, ‘Cybersecurity Talent: The Big Gap in Cyber Protection’, surveyed over 1,200 senior executives and front-line employees from around the world, while analysing social media sentiment of more than 8,000 cybersecurity employees. 68% of organisations reported high demand for cybersecurity skills compared to 61% demanding innovation skills and 64% analytics skills.

Cybersecurity has the largest demand as well as the largest gap between demand and supply

Demand for these skills was then set against the availability of proficient skills already present in the organisation, which identified a 25% gap for cybersecurity skills (with 43% availability of proficient skills already present in the organization), compared to a 13% gap for analytics (51% already present) and a 21% gap for innovation (40% already present). The startling revelation demonstrates that of all the digital skills necessary for organisations amid a disruptive market, cybersecurity represents the biggest gap between demand for those skills and internal supply.

Globally, the nations which are currently best placed in terms of this skills gap are India and the US. The countries host a combined 32% of the world’s cybersecurity talent (16% each), while the UK actually hosts the third largest portion of such talent. 13% of the globe’s cybersecurity talent resides in the UK, the most of any EU nation – something which will please the champions of Brexit, as technological expertise is broadly seen by businesses as a key factor in the success of Britain in post-EU life. The UK is closely followed by France (12%), and Germany (11%), however, and while these nations are the best performers in terms of talent, they still exhibit a gap.

In terms of performance per business sector, meanwhile, insurance leads the way. Perhaps unsurprisingly, the risk-based industry is most effective at obtaining and retaining talent to battle the threats of cyber attackers, hosting 18% of cybersecurity talent. Banking and consumer products follow closely behind, at 16% each. Automotive and telecom round out the top five, with 13% each.

Profile of cybersecurity talent

“The cybersecurity skills gap has a very real effect on organisations in every sector,” says Mike Turner, Chief Operating Officer of Capgemini’s Cybersecurity Global Service Line. “Spending months rather than weeks looking for suitable candidates is not only inefficient it also leaves organisations dangerously exposed to rising incidents of cybercrime. Business leaders must urgently rethink how they recruit and retain talent, particularly if they wish to maximise the benefits from investment in digital transformation.”

The demand for precious cybersecurity talent is projected to grow over the next 2-3 years with 72% of respondents predicting high demand for cybersecurity in 2020, compared to 68% today. Set against increasing incidents of cyberattacks and the need for organisations to not only protect themselves but also maximise competitive advantage from digitisation, the report recommends a diverse range of human resourcing tactics for business leaders.

Train as well as expand

A large portion of cybersecurity talent believes that its skills will have become less, not more, relevant in the same timeframe. In fact, a higher proportion in the field feel their skillset will become redundant than the general workforce do. 39% of cybersecurity staff believe this will occur in the next 1-2 years, a figure which increases to 47% in the next 3-5 years. This suggests that, along with recruiting talent, firms will also need to double down on efforts to retraining existing staff in order to keep them up to speed with the shifting, increasingly digitalised economy.

Employees believe their skill set is or will be redundant

The report concludes that the implications of a cyberbreach for organisations are potentially devastating, from direct costs to reputational damage, and in spite of these risks, organisations are still struggling with a shortage of cybersecurity talent. By not only adopting talent acquisition initiatives, but also training, and retention strategies that will appeal to cybersecurity talent, organisations can take an important step in upgrading their cyber protection for the current and emerging risks of our connected world.

Keyaan Williams, President of the ISSA (Information Systems Security Association) International Board of Directors commented, “From my perspective, because compliance is such an important business driver, organizations’ focus is on hiring security professionals that are skilled in compliance and they often overlook the skills necessary for a holistic security and risk management program. For example, a security professional that understands risk management, business processes, and knows how to communicate.”