A dwindling talent pool is forcing many businesses to compete in earnest for cybersecurity personnel, but what many don’t realise is that they can expect demand to increase over the next few years.

The Department for Culture, Media and Sport (DCMS) previously predicted that there would be an annual shortfall of 10,000 new entrants but in May of this year that was revised to 14,100. This will be cumulative, meaning the gap will widen over the coming years and such shortages don’t just mean jobs stay unfilled – they have a very real impact on the ability of the business to stay secure.

Understaffed and overexposed

In the ‘Global Cybersecurity Outlook 2022’ report, the World Economic Forum (WEF) revealed that almost 60 percent of respondents would “find it challenging to respond to a cybersecurity incident owing to the shortage of skills within their team”, and the ISACA State of Cybersecurity 2022 report found 73 percent regarded their business as significantly understaffed. The ISC(2) Cybersecurity Workforce Study has revealed that these staff shortages are leading to misconfigured systems, slowing system patching, and resulting in a lack of oversight, insufficient risk assessment, a lack of threat awareness and rushed deployments.

Worryingly, the WEF also found that business executives were less concerned about the shortfall than those within the security department, which means there is probably very little appreciation that the security posture will gradually erode over time.

It's a situation further exacerbated by the short time many cybersecurity personnel spend in their positions. For the past decade the average time a Chief Information Security Officer (CISO) stays in a post has been just two years, according to Verizon’s Payment Security Report, meaning that 35% of CISOs at any one time were new to the job. This then tends to hobble security plans which typically span five to ten years.

Holes in the security continuum

So where can we expect the holes to appear? Certain roles are certainly proving harder to recruit than others. The DCMS found the highest demand was for security engineers (35%) followed by security analysts (18%), security managers (14%), security architects (11%) and security consultants (9%).

Fortinet’s 2022 Cybersecurity Skills Gap report, which takes a global view, found demand was highest for cloud security specialists, SOC analysts, security administrators and security architects, while the ISACA report found the top five security skills were in cloud computing, data protection, identity and access management, incident response and DevSecOps.

To make matters worse, it’s also proving hard to keep hold of talented staff, with 60% of businesses revealing in the ISACA survey that they’ve had staff poached by rivals. Staff leaving have also cited poor remuneration, limited job progression or promotion opportunities, high stress levels and a lack of support as the reasons for their resignation. The DCMS report claims 11 percent of the cyber workforce have left since 2020 (of which 9 percent chose to do so), which is almost double the number anticipated. But it’s here where there’s a glimmer of hope. Address these issues, and businesses will find it easier to both attract and retain talent.

What can businesses do?

There’s obviously a ceiling when it comes to how much businesses can afford to pay but they can make their workplace a more attractive one by being transparent about both pay structures and career progression. The cybersecurity sector is notorious for its convoluted career paths, so much so that the UK Cyber Security Council has developed career maps to help resolve this issue and is intent on producing detailed pathways to show how professionals can progress through 16 specific careers by 2025. So businesses that provide this level of detail will be perceived as more committed to their staff.

Stress levels are another major issue with 45% considering quitting the industry entirely due to this factor, according to the Voice of SecOps report. Again, businesses can reassure candidates by being open and honest about the mental wellbeing support they offer and their planned investment in automation to do the heavy lifting. On-the-job support in the form of mentoring is also hugely beneficial but again there needs to be a clear overview of how this will be provided, from timetabling time with the mentor to the level of training on offer.

All too often, training is left off the job specification or assumed when in fact it can be viewed as a big plus by the candidate, and there’s a very real danger of it being culled as businesses make cutbacks. Only 62% of businesses have employees with or working towards a cyber-security related qualification or certified training and only 21% provided their cyber security staff with training relevant to their role over the last year, according to the DCMS.

Extra resource

But there’s also no getting away from the fact that it’s going to take time for new entrants to emerge, and this means businesses will need to think laterally. Many are now looking to recruit from within the business by upskilling existing employees. The DCMS report found that 85% of those filling cyber roles had transitioned from a non-cyber role, and even in cyber security businesses, 27% were recruited or joined from a non-cyber role.

Businesses are also diversifying and increasing their intake of neurodiverse people, ethnic minorities and women. The UK Cyber Security Council estimates that 17% of cyber professionals are now from ethnic minority backgrounds and 9% are neurodiverse, while a Microsoft survey reveals 18% are women, suggesting there’s a pool of untapped talent. However, another DCMS report – Understanding the Cyber Security Recruitment Pool – reveals that many of these potential candidates are being screened out too early in the process due to an overemphasis on additional qualifications, so there’s a real need to reappraise job specifications and to focus not just on technical skills but also on soft skills.

We’re in for a tough few years ahead due to inflation, shrinking budgets and a growing skills gap which means businesses must begin to think now about what they can do. If they don’t, they’ll almost certainly find their systems become more exposed and susceptible to attack due to a shortage of security personnel.