The cybersecurity skills shortage continues to create multiple challenges and repercussions for organisations, including security breaches and the subsequent loss of money.
As a result, the skills gap remains a top concern for C-level executives and is increasingly becoming a board-level priority, writes Sandra Wheatley, senior vice-president: marketing, threat intelligence and influencer communications at Fortinet.
Fortinet’s 2022 Cybersecurity Skills Gap Report suggests ways the skills gap can be addressed, such as through training and certifications to increase employees’ education.
According to (ISC)2’s 2021 Cyber Workforce Report, the global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets. While the number of professionals needed to fill the gap has decreased from 3,12-million down to 2,72-million in the past year, this is still a significant void that leaves organizations vulnerable.
Fortinet’s report demonstrates multiple risks resulting from the cybersecurity skills gap. Most notably, 8 in 10 organizations surveyed have suffered at least one breach they could attribute to a lack of cybersecurity skills or awareness. The survey also showed that globally 64% of organisations experienced breaches that resulted in loss of revenue, recovery costs and/or fines.
Given the increasing costs of breaches on organizations’ profits and reputation, cybersecurity is becoming more of a board-level priority. Globally, 88% of organizations that have a board of directors reported that their board asks questions specifically about cybersecurity. And 76% of organisations have a board of directors that has recommended increases in IT and cybersecurity headcount.
Fortinet’s skills gap report demonstrated that training and certifications are critical ways organizations seek to further tackle the skills gap. The report revealed that 95% of leaders believe technology-focused certifications positively impact their role and their team, while 81% of leaders prefer to hire people with certifications.
Additionally, 91% of respondents shared they are willing to pay for an employee to achieve cyber certifications. One major reason certifications are highly regarded is that they validate increased cybersecurity knowledge and awareness.
In addition to valuing certifications, 87% of organizations have implemented a training program to increase cyber awareness. However, 52% of leaders believe their employees still lack necessary knowledge, which raises questions about how effective their current security awareness programs are.
A significant challenge for organisations has been finding and retaining the right people to fill critical security roles ranging from cloud security specialists to SOC analysts. The report found that 60% of leaders admit their organization struggles with recruitment and 52% struggle to retain talent.
Among hiring challenges is the recruitment of women, new college graduates and minorities. Globally, seven out of 10 leaders see the recruitment of women and new graduates as a top hiring hurdle and 61% said hiring minorities has been challenging.
As organisations look to build more capable and more diverse teams, 89% of global companies have explicit diversity goals as part of their hiring strategy according to the report.
The report also demonstrated 75% of organisations have formal structures to specifically recruit more women and 59% have strategies in place to hire minorities. Additionally, 51% of organisations have efforts in place to hire more veterans.