Technology is evolving at a pace that security experts are struggling to keep up with. As we mentioned in an earlier blog, IoT creates a huge risk for any business, especially those in manufacturing since the small devices are easily hacked.
Increased vulnerability has lead the cybersecurity industry to a 3 million person shortage, which is expected to worsen by 28% for 2026.
So, how can your company get solid protection despite the shortage?
In this blog, we describe the shortage better, and share how you can overcome the talent gap.
There is no one reason why there is such an incredible cybersecurity labor shortage, but rather a number of reasons contributing to a perfect storm:
Large companies are scrambling to snap up available personnel amidst a cybersecurity workforce shortage, paying top dollar for security engineers. The risk of not acquiring the right talent is the possibility of a breach that could take years to recover from.
Smaller companies are actively being targeted by hackers as a route to gain access to these companies larger partners and customers. Unfortunately, these smaller companies can’t compete with high salaries offered by big businesses and find themselves exposed.
Help is on the way, but not soon enough. Colleges and universities now have cyber-related degrees, and concentrations in cybersecurity. This has created a pipeline of new talent, though this pipeline alone will not address the current cybersecurity talent gap. Other programs to encourage women and veterans to enter cybersecurity have also been put in place to help mitigate the shortage. This training still takes time, and it will be years before the effects of these programs provide relief to the labor market.
Evolving regulatory requirements have touched almost every industry in the world, and as a result most companies have assigned information security responsibility to an executive in the company - either in a dual role, such as COO and Chief Information Security Officer or as a full-time CISO. These policy-heavy roles have driven the majority of cybersecurity programs in colleges to focus on policy planning and compliance audits, and less on hands-on activities. Because of this, the biggest gaps in cybersecurity talent appear in the practical hands-on roles for performing real-world security tasks:
Many candidates will possess a subset of these hands-on skills, leaving it to the employer to decide which ones are the most critical now while the others are learned. Finding the right combination at the right salary will be a challenge, depending on how competitive a company can afford to be.
One of the biggest cybersecurity skill gaps in candidates is soft skills, or the ability to interact and communicate to non-technical peers. This is one of the hardest skills to learn, and should be prioritized when evaluating a candidate’s abilities. A candidate with good soft skills can be taught additional technical skills.
AI and machine learning are revolutionizing the cybersecurity industry as a whole. These tools can assess billions of log entries across multiple locations in a fraction of the time a team of humans could accomplish the same task. Using a combination of pattern matching, heuristics and anomaly detection, AI can detect more security threats earlier, and faster than ever. This capability is great for a company’s security posture, but each of those threats needs to be analyzed and investigated individually, requiring human interaction by a cybersecurity expert.
One of the universal benefits of AI is that it can help by enabling one person to do the work of many. In cybersecurity, that one person needs to be a highly skilled security expert to be able to address threats identified by AI. Ultimately, AI will increase demand on the already strained labor pool for cybersecurity.
There are some actions CEOs should take to protect their companies: