Research into the talent shortage afflicting the cybersecurity industry finds that 85% of organisations believe the workforce shortage is impacting their organisations’ abilities to secure increasingly complex information systems and networks, while almost a third (30%) of the current workforce plans to change professions in the future.
“Our industry is already 2,72-million people short. Cultivating and nurturing a cybersecurity workforce for our future requires expanding who we view as talent and changing our practices across the public and private sectors,” says Bryan Palma, CEO of Trellix. “Closing the cybersecurity talent gap is not only a business imperative, but important to national security and our daily lives. We need to remove barriers to entry, actively work to inspire people to do soulful work and ensure those in the field are retained.”
The findings are based on a Vanson Bourne survey, commissioned by Trellix, of 1 000 cybersecurity professionals in several countries around the world, including Brazil and India across a variety of sectors.
“The research addresses global issues that affect businesses and governments everywhere in the world, with South Africa public and private sector organisations being increasingly vulnerable to cyber-attacks due to a distressing lack of skills and emigration rate,” says Carlo Bolzonello, country lead for Trellix in South Africa. “The industry offers great opportunities for people with varied backgrounds – analytical and inquisitive people learn the ropes quickly, and build successful careers quickly.
“The research highlights the major issues that have led to the skills gap that impacts the sector so much,” Bolzonello adds.
More Education is Needed. As threats from nation-state actors and cybercriminals grow in volume and sophistication, the worldwide shortage of cybersecurity professionals grows as well. While some countries like Russia and China invest deeply in nurturing cybersecurity talent through state-funded education, many nations are without dedicated programs. Trellix sought to understand education levels and attitudes of professionals and found over half (56%) believe that degrees aren’t needed for a successful career in cybersecurity. The survey also found:
- Support for development of skills (85%) and with certifications (80%) were selected as highly or extremely important factors for the industry to address to expand the workforce.
- Efforts to promote cybersecurity careers (43%), encouraging students to pursue STEM-related careers (41%), and further funding support (39%) were most likely to be ranked within the top three areas that would attract people to work in the cybersecurity industry.
- 94% state that their employers could be doing more to encourage community mentoring programs with a presence in K-12 schools.
Diversity Drives Better Outcomes. When it comes to encouraging more people to consider a career in cybersecurity, respondents reported inclusivity and equality for women (79%), diversity of the cybersecurity workforce (77%) and pay gaps between different demographic groups (72%) as highly or extremely important factors for the industry to address. Of the cybersecurity professionals surveyed, 78% are male, 64% white and 89% straight, and a large majority of respondents (91%) believe there needs to be wider efforts to grow the cybersecurity talent pool from diverse groups. Additional findings include:
- Most respondents (92%) believe greater mentorship, internships, and apprenticeships would support participation of workers from diverse backgrounds into cybersecurity roles.
- 85% note a lack of understanding of the varied opportunities available in cybersecurity limits the number of those working within a cybersecurity profession today.
- Those surveyed believe their employers could be doing more to consider employees from non-traditional cybersecurity backgrounds (94%) and 45% report having previously worked in other careers.
Cybersecurity is Soulful Work. The survey found the vast majority (94%) believe the role of those working in cybersecurity is greater now than ever before and a similar number (92%) report cybersecurity as purposeful, soulful work that motivates them. However, cybersecurity professionals are hungry for recognition, with 36% noting they feel a lack of acknowledgement for the good done for society and of those looking to leave the field, 12% say it is due to lack of feeling appreciated. The survey discovered:
- More than half (52%) report working within cybersecurity because it’s progressive and evolving and because they enjoy exploring challenging new trends.
- 41% report cybersecurity is continuously growing in relevancy and roles will always be accessible as a reason for staying in the profession.
- Around one in five (19%) also note they value doing something to help society for the greater good.
Trellix recently released its In the Crosshairs: Organisations and Nation-State Cyber Threats report which found organisations report limited cybersecurity skills and a need for support to recruit and train additional staff as barriers to protect themselves against nation-state cyber threats. Trellix also recently published Path to Cyber Readiness – Preparation, Perception and Partnership, which notes in-house cyber skills issues were reported by 49% of US government agencies.