COMMENT
Globally, cybersecurity threats continue to accelerate in pace and scale with the rise of malware and deepfake attacks. Over a third of organizations worldwide have suffered a material cyber incident from malicious actors in the last year, while 73% have been affected ransomware attacks in 2023. These cyber attacks carry serious financial costs: the global damages are astonishing 8 trillion dollars every year. As attack surfaces continue to expand and cybercrime emerges as the largest in the world third largest economybehind only the United States and China, the time has come to act.
Cybersecurity professionals are key to addressing this problem. However, the global cybersecurity skills gap has reached a record high 4 million. In the UAE alone, a recent study finds that 66% of IT managers believe in their organization “the right people and processes are missing be cyber-resilient.” So why is there a growing disparity between the demand for IT workers and availability within the talent pool, and how can we address this problem?
What is driving the IT skills shortage?
There are many reasons for the ongoing cybersecurity skills shortage. First, as breaches increase year on year, there is continued high demand for high-quality cybersecurity professionals, such as experts in cloud security, threat intelligence analysis and incident response, and the supply of qualified people has not kept pace. For example, the Middle East and Africa have a total cybersecurity workforce of approximately 402,000 people but they need another 102,000 professionals to meet demand. This worker shortage means cybersecurity teams are overworked, time-poor, and struggle to identify and prevent threats in a timely manner, which leaves businesses vulnerable.
Additionally, there is a shortage of high-quality cybersecurity programs in schools and higher education institutions. While good examples exist, many programs have limited course offerings and outdated curricula. The result is a core group of candidates capable of identifying, assessing and mitigating cyber threats such as phishing attacks. Likewise, many current cybersecurity programs are not updated with the latest cyber threats, leaving a gap between the skills taught and those required in real-time scenarios.
Limited organizational funding for safety training is another contributing factor. According to a recent report, 31% of respondents cited lack of budget as a key challenge. Insufficient budget allocations mean organizations must contend with outdated technology and tools and struggle to prioritize employee training. This leaves critical systems and data exposed to potential breaches.
Three key ways companies can address the shortage
For companies looking to mitigate the effects of cybersecurity skills shortages, upskilling and reskilling staff through continuous training and learning is one of the most important steps. To do this effectively, companies must first conduct a comprehensive assessment of the existing skills within the organization and then determine the cybersecurity skills required based on the company’s industry, size and risk profile. Equally important is creating an environment that encourages a culture of continuous learning, helping staff stay up to date on the latest cybercriminal tactics, techniques and procedures.
We also need to move to a skills-based hiring approach, broadening the audience to only those with cybersecurity-related training, such as computer engineering degrees. Soft skills such as communication, teamwork and problem solving are also vitally important in our industry. Given the continuing skills gap and transferability of many cybersecurity skills, recruiting workers from outside the industry could meet hiring needs more quickly by tapping into a broader talent pool. It also offers the opportunity to employ more creative solutions against cyber threats.
Another way to address the shortage is to raise awareness among executives and decision makers about the importance of cybersecurity skills, the talent gap, and the economic and security implications. Corporate boards and government regulators must continually update their knowledge of developments in the cybersecurity landscape, as well as receive training to ensure they understand their roles in risk management and can make informed decisions.
Bottom line, as organizations across all industries and geographies continue to rely on digital technologies, we need a robust cybersecurity workforce to protect networks and data from emerging cyber threats. Going forward, the focus will need to be on upskilling staff, moving towards a skills-based hiring approach and encouraging greater collaboration between industry and government. To be most effective, companies must prioritize areas where demand for skills is growing, such as cloud security, and create an environment that supports the development of those skills.