Cybersecurity Skills Gap: Why It Exists and How to Address It


It’s no secret that organizations face a severe cybersecurity skills shortage. Word has been circulating for a number of years that many high-paying positions that require cybersecurity skills remain unfilled.

Unfortunately, publicizing the cybersecurity skills gap hasn’t done enough to increase the cyber workforce. According to a study by the Information Systems Security Association (ISSA) and analyst firm Enterprise Strategy Group (ESG), a division of TechTarget, the vast majority of cyber professionals (95%) believe the skills gap has not narrowed in recent years, and almost half (44%) believe it is getting worse.

How big is the gap? Cyberseek reported that around 1.1 million people are employed in cybersecurity in the US, but over 700,000 vacancies are currently available. Around 3.5 million people are missing from the cyber workforce worldwide.

Understanding the cybersecurity knowledge gap and its implications

As companies compete to attract the scarce available talent, cybersecurity salaries continue to rise, meaning companies cannot afford to hire as many cybersecurity workers. The existing workforce is being asked to take on more work, which in turn leads to burnout, the ISSA study found.

The result is that businesses, government agencies, educational institutions, and other organizations have weaker security measures in place than they should, leaving all of their employees, customers, and constituents at increased risk of data breaches, financial fraud, and other adverse consequences.

To close this huge gap, you need to understand why the cybersecurity skills shortage exists and persists. This article examines this and suggests several ways IT leaders and their organizations can address the underlying issues.

The 5 main causes of lack of cybersecurity skills

Many factors have come together to cause the cybersecurity skills gap. Here are the top five causes:

  1. The demand for cybersecurity talent continues to grow. Not only has nearly every business become completely dependent on technology, but the technology is also becoming increasingly complex. Securing today’s systems, networks and data against cyberattacks is tougher than ever as more security technologies and processes must work together. As a result, companies need to grow their cyber workforce and have a broader range of skills than ever before.
  2. The cybersecurity talent pool lacks diversity. According to a recent labor force study by (ISC)2, only about 25% of the global cybersecurity workforce is female. A survey by the Aspen Institute found that in the United States, 19% of the population is Hispanic, but only 4% of the cyber workforce is Hispanic. Native Americans and Black Americans are also significantly underrepresented in cyber careers.
  3. Employers have unrealistic expectations. Cybersecurity job descriptions often require college degrees, multiple certifications, and years of experience in a variety of security disciplines. Many candidates who would be beneficial to organizations do not apply for these positions because they assume the stated requirements are firm. Others apply but don’t even get a call back because they lack a degree or sufficient practical experience.
  4. Staff don’t keep their skills up to date. The challenges employers face change over time, such as the increasing reliance on cloud security and evolving threats to data and systems. But employees are so overworked that they often don’t have the opportunity to learn new skills, attend training, take online classes, or earn new certifications. And these are not just technical skills – soft skills such as communication are also in demand.
  5. Cybersecurity professionals are leaving the profession. Alarmingly, a recent survey found that more than a third of cybersecurity workers are planning a career change. There is a major employee retention problem, due in large part to constant staff shortages and the incredible pressure of many cybersecurity jobs. As people leave the field, the shortage gets worse, causing more people to leave the field.

3 ways organizations can close the cybersecurity skills gap

There is no way to close the cybersecurity skills gap overnight, but organizations can start making progress today by doing three things:

  1. Tap into underrepresented communities. Prioritize reaching out to women, Hispanics, and other overlooked communities. Educate members of these communities about the incredible range of opportunities in cybersecurity and show them how to break into the workforce. Make sure your recruiting and hiring practices take diversity into account. Consider offering paid internships.
  2. Build skills primarily in-house rather than hiring experts. Organizations can tap into a much larger pool of employees if they relax job requirements and instead plan to build cyber skills in-house by providing training, education and certification support for new hires to bring them up to speed. Empower new grads, veterans, entry-level professionals, and individuals with an interest and aptitude in cybersecurity to learn and advance. College degrees, certifications, and years of experience are simply not necessary for success in most cybersecurity roles.
  3. Support your existing talent. Burnout is widespread in many organizations today. Especially with such a shortage of qualified employees, it’s easy for anyone who is dissatisfied to leave your company and find a better opportunity elsewhere. However, there are also critical cybersecurity requirements that must be met. Here are some strategies to support your existing workforce so they are less likely to leave:
    • Whenever possible, automate routine tasks—especially those that are repetitive and boring or stressful. This will help reduce your workload and provide interesting, less stressful work for your employees.
    • Consider using managed security services, particularly for monitoring, analyzing, and responding to after-hours incidents. Small businesses may want to outsource most of their security services entirely to reduce the need for dedicated cybersecurity staff, and instead train their IT staff to also handle occasional cybersecurity tasks.
    • For particularly stressful or demanding positions, consider job rotation. An example is the rotation of security personnel to an off-site position after 12 or 18 months. This can help prevent burnout and allows employees to build additional skills that make them more valuable to your organization.
    • When your employees take time off for vacation, sickness, or otherwise, actually let them be off work. Everyone needs a break from work; expecting employees to continue to report to work while they are away – and especially when they are on call or providing operational support – is unfair to them and will certainly foster resentment. This can be a big culture shift for your employees, but it will likely be worth it, both for retaining existing employees and attracting new ones.



This was last published in Aug 2022

