Trends in Cybersecurity: Security Skills Shortage
The issue of cybersecurity has become more prevalent in recent years. Hackers are finding new ways to adapt to the ever-changing technology market, and with every step forward in the innovation of technology, cybercrime takes a leap. What were the predicted trends for 2017, and have they come into fruition during the first few months of the year?
This article is part of a five-part piece which will be posted in subsequent weeks.
Part one – Trends in Cybersecurity: Popularity of Ransomware
Part two – Trends in Cybersecurity: IoT – Unsecured Hacker Targets
Part three – Trends in Cybersecurity: The threat from mobile devices
Part four – Trends in Cybersecurity: Security Skills Shortage
Trends in Cybersecurity: Security Skills Shortage
The first three parts of this series have focused on the cyber threats that had been predicted to gain in prevalence during 2017. In this final part, a key prediction for the other aspect of cyber security is considered – the people who are helping to protect individuals and businesses from these diverse and evolving threats.
The cyber security skills shortage is a big problem. A report by McAfee; released in January 2017 entitled ‘Hacking the skills shortage’; interviewed 775 IT and cybersecurity decision-makers. The study reported that 82% of respondents reported a shortage of cybersecurity skills within their company, and 71% agreed that the shortage of skills does direct and measurable damage to their business. Furthermore, it’s anticipated by 2019 there will be 1 to 2 million cybersecurity jobs that remain unfilled. The relationship between a shortage of cybersecurity skills and an exposure to hacking cannot be ignored – one in three argued that organisations with a shortage of cyber security skill are more desirable targets to cyber criminals.
In a study conducted by indeed.com in January 2017, Israel was identified as suffering from the largest shortage of cybersecurity skilled workers, followed by the UK. Comparatively, Israel also has the largest demand for cybersecurity skill; potentially due to their growth as a technology hub; closely followed by Ireland. All ten countries included in the survey identified a shortage of skills, and a number of countries in the study had a dramatic deficit when it came to the number of candidates for each security job posting (32% in the UK, 38.8% in Ireland and 66.7% in the USA). In the UK alone, this figure had dropped 5% since 2015.
However, things do appear to be evolving. 97% of respondents to McAfee’s survey said their organisation’s board of directors had begun to view cybersecurity as important. In addition, Indeed.com’s study identified that in Ireland, the USA, Italy, France and Germany that the skills gap had shrunk in 2017 versus 2015. In Ireland, there had been a 14% increase in the number of vacancies filled and in the US there had been an increase of 7%. In addition, some cybersecurity roles actually have a surplus of eligible candidates. For example in the USA, the number of candidates for CISO positions is more than double the number of available vacancies. (It can be argued this may be due to the high salaries and level of prestige associated with this type of role, but is definitely a sign of an adapting market)
So what does this mean?
For the cybersecurity professional, there is a plethora of employment options available for pursuit. The competition between different organisations to secure the best talent can help the candidate negotiate for a higher salary or better benefits package. For the employer, alternative strategies must be found to allow them to recruit new talent into the business. The easiest way of doing this is by training people on the job instead of looking for pre-qualified and pre-certified professionals.
The study by McAfee highlighted that many organisations presently value hands-on experience and certifications more than a Bachelor’s degree alone, but this stance may need to adapt alongside the current vacancy-rich climate. Recruitment of graduates into these companies is anticipated to move up the priority list , and on-the-job cybersecurity training within organisations may also become more commonplace for the remainder of 2017, as businesses adapt to the skills shortage.
An increase in cybersecurity outsourcing and automation has also been predicted. In the same McAfee study, respondents noted that they had made plans to outsource autonomous tasks such as threat detection through network monitoring. Therefore, this may be a key way for cybersecurity organisations to support companies throughout this shortage and also maximise their revenue potential.
This series of articles have reviewed and discussed the impact of cybersecurity during the first six months of 2017. During this time, the scale of these attacks has increased, and shows no sign of relenting.
It will be interesting to see how the remainder of the year will progress, and whether the cybersecurity landscape will be looking better, or worse by December 2017.
One thing is certain, when it comes to cybersecurity anything is possible.
Are you looking for a new role within cybersecurity? Click here to see our current global vacancies!