New research shows corporate demand for cybersecurity skills is rising faster than internal supply, with innovative thinking needed to plug the gap – both in the acquisition and retention of key talent.
A new report by Capgemini’s Digital Transformation Institute highlights an urgent and growing cybersecurity talent gap, calling for new recruitment and retention strategies to help organisations contain cyber risks and build competitive advantage.
The report, Cybersecurity Talent: The Big Gap in Cyber Protection, demonstrates that of all the digital skills necessary for organisations with aspirations of digital leadership, cybersecurity represents the biggest gap between demand for those skills and internal supply.
The report surveyed over 1,200 senior executives and front-line employees and analysed social media sentiment of more than 8,000 cybersecurity employees. Sixty-eight percent of organisations reported high demand for cybersecurity skills compared to 61 percent demanding innovation skills and 64 percent analytics skills. Demand for these skills was then set against the availability of proficient skills already present in the organisation.
This identified a 25 percentage point gap for cybersecurity skills (with 43 percent availability of proficient skills already present in the organisation), compared to a 13 percentage point gap for analytics (51 percent already present) and a 21 percentage point gap for innovation (40 percent already present).
“The cybersecurity skills gap has a very real effect on organizations in every sector,” says Mike Turner, Chief Operating Officer of Capgemini’s Cybersecurity Global Service Line. “Spending months rather than weeks looking for suitable candidates is not only inefficient it also leaves organisations dangerously exposed to rising incidents of cybercrime. Business leaders must urgently rethink how they recruit and retain talent, particularly if they wish to maximize the benefits from investment in digital transformation.”
The demand for precious cybersecurity talent is projected to grow over the next 2-3 years with 72 percent of respondents predicting high demand for cybersecurity in 2020, compared to 68 percent today. Set against increasing incidents of cyberattacks and the need for organisations to not only protect themselves but also maximize competitive advantage from digitization, the report recommends a series of tactical priorities for business leaders.
Priority 1 – integrate security
The first priority for companies is to assess how well security is integrated across the organisation. What is the culture of cybersecurity outside the team with direct responsibility for keeping data protected? How security-savvy are app developers and network managers?
“It’s important to make the organisation as a whole better at cybersecurity, aligning the enterprise with principles and processes that are secure from the ground up,” explains Mike Turner. “Get the basics right, in terms of application development. Develop secure code. Make your network engineers and cloud architects better at securing the cloud. That’s a good way to fight the skills gap, because it teaches the organisation to be secure by design.”
Priority 2 – maximize existing skillsets
“Another priority is to look at the, as yet, unrecognised cybersecurity skills that lie within. Half of all employees are already investing their own resources to develop digital skills[1], showing an appetite to upskill. Organisations that struggle to recruit externally may be able to uncover candidates with adaptable skillsets who can be trained. Those functions with complementary and transferable skills include network operations, database administration and application development.”
In addition, companies should look at the requirement to embed security into every service and application and hire business communicators to complement the technical skills in their team. Business analysts and technical marketers could be transferred to cybersecurity roles to enable the company-wide adoption of best practice.
Priority 3 – think outside the box
A third priority is for organisations to think beyond the normal recruitment strategies and understand the root skills of cybersecurity. Look at traits and skills present in completely different job roles and interview candidates the organisation might not usually consider. Those currently in math roles for example, are often highly skilled at pattern recognition. “Thinking outside the box is about understanding the transferable skills,” adds Mike Turner. “For example, people on the autism spectrum are fantastic at pattern spotting and are often blessed with numerical and problem-solving skills, attention to detail and a methodical approach to work – all useful traits for cybersecurity best practice.”
Priority 4 – strengthen retention
The final report recommendation looks at retention of talent. In a highly competitive recruitment market, organisations must also look at engagement of existing employees to ensure talent gaps don’t worsen.
The report reveals that cybersecurity employees value organisations that offer flexible working arrangements, encourage training and prioritise clear and accessible career progression. Within the new report, a difficult work-life balance was discussed as one of the five worst aspects of the job by cybersecurity professionals on social media and a main reason why they leave or remain dissatisfied with their company. The clear majority (81 percent) of cybersecurity talent agreed with the statement: “I prefer joining organisations where I have a clear career development path” compared to 62 percent of all respondents in our survey.
[1] Report published by Capgemini in conjunction with LinkedIn: “The Digital Talent Gap—Are Companies Doing Enough?”
