Organisations need to focus on development and diversity and target traits over skills
Cyber attacks are increasing in prevalence and disruptive potential, and several high-profile breaches and data leaks have acted as a major wake-up call as to just how vulnerable critical systems are to disruption and damage.
Recent years have also seen the threat landscape evolve – from sophisticated individuals to organised crime enterprises and the rise of state-sponsored hackers. These groups are targeting vertical sectors in a bid to cause harm, seize money and sabotage infrastructure, with several rogue nation states sponsoring economic espionage on an industrial scale.
Alongside inflicting serious reputational damage and harm, the commercial impact of these attacks is rising and expected to accelerate, particularly as cloud and IoT adoption continue. Lloyd’s of London estimates the global cost of a serious cyberattack to be more than £92 billion, while the UK government’s 2018 Cyber Security Breaches Survey found nearly half of UK businesses had fallen victim to cyberattacks or security breaches in the last year.
Quantifying the skills shortage
Cyber security is consistently rated as one of the most problematic skills shortage areas in the enterprise. In 2018, over 50 per cent of companies surveyed by the ESG (Enterprise Strategy Group) said this issue was impacting their business. Meanwhile, a recent survey commissioned by (ISC)² identified a glaring skills gap on the horizon, projecting that the overall cyber security skills shortage is set to rise to 350,000 workers in Europe by 2022.
With cyber security professionals in short supply, many are under enormous pressure to meet the challenges of the modern cyber security environment. Understaffed firms are already fighting for top talent, but under significant resource pressure and battling relentless workloads, the risk of losing these vital personnel due to burnout and stress is increasing. Organisations need to apply some holistic thinking to address the impact.
Development, not recruitment
Recruiting new cyber talent is not the answer. To address the skills gap, organisations need to extend their talent pools in other ways. For example, the (ISC)² survey found that 48 per cent of IT staff are looking to become certified in some form of cyber security. Implementing a clear career progression path for those taking on cyber security duties will help incentivise existing IT personnel to join the cyber security ranks.
Forward-thinking chief information security officers (CISOs) are investing in increasing staff competencies and supporting career development through mentoring and training in a bid to build the expertise needed to counter today’s threat climate. But bolstering the cyber security workforce means businesses also need to broaden the range of potential candidates and focus their recruitment efforts on those from non-technical backgrounds to help ease the skills shortage.
Traits over skills
This means considering people with the potential to work in a collaborative and smart way to solve problems, for example ex-military veterans. Veterans Work, a collaborative research project led by the Officers’ Association, Deloitte and Forces in Mind Trust, sets out a compelling business case for hiring veterans: they are problem solvers, ask the right questions, and perform well in strategic management roles and in the management and motivation of staff.