Expanding cybersecurity workforce aids security, yet staff deficits persist, leaving firms vulnerable

In the rapidly evolving digital landscape, corporate stakeholders are showing a growing interest in understanding the risk calculus of their technology stacks. This heightened awareness is driven by the need to safeguard their organisations from potential cyber threats.

According to a recent study, staff shortages are a direct concern for 60% of respondents, posing risks to their organisations. The global cybersecurity workforce has been on an upward trajectory, with a 30% increase in the U.S. alone in 2021, growing from 879,157 cybersecurity workers in 2020 to over 1.1 million in 2021. However, the global cybersecurity workforce expanded even further, reaching 4.19 million professionals in 2021, a 20% increase from the previous year.

One-third of global cybersecurity professionals cited system misconfigurations as a consequence of staffing shortages. This highlights the importance of having a well-trained and adequately staffed cybersecurity team. The makeshift approach to learning cybersecurity skills, while a decades-old concept, has evolved, with more cyber-specific training now available.

The study also revealed that the shortage of cybersecurity personnel is a pressing issue. Of the professionals surveyed, 17% came from entirely unrelated fields, 15% started in cybersecurity by way of certifications, and 15% learned cybersecurity on their own. This suggests that there are multiple avenues for individuals to enter the cybersecurity field.

The federal government, under the leadership of National Cyber Director Chris Inglis, has recognised the importance of addressing the human factors in cybersecurity. Inglis emphasised the need for developing more cyber talent during his June confirmation hearing. He also highlighted the federal government's role in curating and sharing resources for developing critical thinking skills and cyber literacy in grade school.

Inglis further emphasised that the federal government has the power to exchange best practices, create ideas, and inspire new ways of developing cyber talent. The federal government's role extends beyond just providing resources; it also involves fostering an environment that encourages the growth of cyber talent.

Interestingly, more than half of today's cyber talent comes from backgrounds outside of IT. This trend is more prevalent among Gen Z and millennials in the cybersecurity workforce, with only 38% of younger generations transitioning from IT, compared to 53% of Gen X and Baby Boomers.

Corporate stakeholders are not just concerned about the quantity of cybersecurity professionals but also about the quality. They want to know if their organisations are potential targets. Three in 10 global cybersecurity professionals stated that staffing shortages made organisations slow to patch, while three in 10 blamed staffing shortages for not allowing enough time for proper risk assessment and management.

Organisations like (ISC)² are advocating for more effort to ensure the broad and nuanced cybersecurity profession is less reliant on IT as the predominant pathway. Cybersecurity tends to favor problem-solvers, with technical expertise coming later. This shift in focus could open up new opportunities for individuals from diverse backgrounds to enter the cybersecurity field.

In conclusion, the cybersecurity talent gap is a pressing issue that requires a multi-faceted approach. By recognising the importance of human factors, fostering diverse pathways into the field, and encouraging continuous learning, we can build a robust cybersecurity workforce capable of meeting the challenges of the digital age.