Sourcing cyber security skills: There is no single answer

As far back as 2011, cyber security commentators began to write about the industry’s skills shortage. So what’s happened since?

Now in 2018, the winners in cyberspace will be those who have access to cyber security talent and the losers those who don’t. The last few years have seen our investment in security technologies and controls grow – the challenge now is how we use those investments to protect our assets and manage risk, in an increasingly uncertain world. If you can’t attract, develop and retain highly valuable cyber resources, then it’s wise to work with organisations who can.

Empty seats

According to Cisco, there are millions of unfilled cyber security roles today. And the Center for Cyber Safety and Education predicts a 1.8 million shortfall in the number of information security workers by 2022.

It’s not bluster to say the problem has mushroomed – almost 75% of organisations say it’s getting harder to hire skilled security staff. Geography adds another dimension with many skilled cyber security professionals tending to be clustered in just a few countries: the UK, the US, Germany, and Israel especially. If it seems hard to hire cyber security skills in these countries, the market is even tougher elsewhere.

Be prepared to pay

From 2016-17, the UK cyber security sector saw salary rises top 10%. That’s against a backdrop of 2.3% rises for IT staff who don’t work in cybersecurity.

Although it’s arguably expensive to hire cybersecurity professionals, it’s not as costly as the predicted $6 trillion annual damage cybercrime will cause by 2021 according to a Cybersecurity Ventures report.

The cost of ignoring the problem

A recent survey by the Information Systems Security Association found that 70% of respondents said the shortage of cyber security skills has affected their organisation.

More worryingly, almost 62% of respondents said that training hadn’t kept up to speed with business and IT risk. That number is up almost 10% from the previous study.

Building skills takes time

When it comes to training, the industry is playing catch-up. But there are some encouraging signs to overcome the skills gap: in the US, a pilot programme is re-skilling military veterans in cyber security. And the UK’s National Cyber Security Centre is working to encourage young women into the industry, as well as running school holiday courses to encourage school students to consider cyber security as a career.

Elsewhere, there’s a longer term move to transform cyber security into a ‘trade’, one that can be taught far more broadly than it is at the moment.

So what’s the solution?

Some of the industry’s focus on building capacity is encouraging, but the truth is that there’s no quick fix to the skills shortage. In the meantime, there are certain steps you can take.

1. Tell key suppliers you expect them to embed security (and prove it) into the services they offer today, so that there’s less “bolting on” of solutions.
2. Look for opportunities for the automation of tasks, so you are able to point your skilled resources at value-added activities instead.
3. Supplement skill gaps with services.   You can better recognise and bridge the gaps by working with trusted cyber security partners who already possess the skills needed.

Until the supply of talented cyber security professionals improves, taking these steps and ensuring you have the right security partners is key. Work with partners who can help you to identify what you need to protect your business and, critically, can equip you to bounce back from the worst – don’t be held back by a lack of skills in the short term.

Cyber security is a key concern for organisations of all sizes. Protecting devices, networks, data and apps is an essential component of doing business. Vodafone provides security products and services to businesses of all sizes, helping you secure your business anywhere because we are everywhere. We are trusted by organisations globally, including utilities, financial institutions and government agencies. For more cyber security, insights, you can find us on LinkedIn.