Every day we read of another company being hacked. Attacks outpace defense, and one reason for this is the lack of an adequate cybersecurity workforce. The cybersecurity workforce shortfall remains a critical vulnerability for companies and nations. Conventional education and policies can’t meet demand. New solutions are needed to build the cybersecurity workforce necessary in a
networked world.
The deficit of cybersecurity talent is a challenge for every industry sector. The lack of trained personnel exacerbates the already difficult task of managing cybersecurity risks.
The study of McAfee. (Part of Intel Security) quantifies the global cybersecurity workforce shortage and analyzes how companies and governments should approach cybersecurity workforce development to build a robust and sustainable pipeline of skills.
The countries selected for this study includes Australia, France, Germany,the United Kingdom (UK), and the United States (US), they reflect a diversity of sizes, educational systems, income levels, and political structures.
The study looked at four dimensions of their cybersecurity workforce development efforts: total cybersecurity spending, education programs, employer dynamics, and public policies.
Findings are based on open-source data, targeted interviews with experts, and an eight-nation survey of information technology (IT) decision makers in both public and private sector organizations.
Key Findings
■ Respondents in all countries surveyed said cybersecurity education was deficient. Eighty-two percent of respondents report a shortage of cybersecurity skills. More than three out of four (76%) respondents believe their government is not investing enough in cybersecurity talent.
■ This shortage in cybersecurity skills does direct and measurable damage, according to 71% of respondents. One in three say a shortage of skills makes their organizations more desirable hacking targets. One in four say insufficient cybersecurity staff strength has damaged their organization’s reputation and led directly to the loss of proprietary data through cyberattack.
■ High-value skills are in critically short supply, the most scarce being intrusion detection, secure software development, and attack mitigation. These skills are in greater demand than soft skills in communication and collaboration. A majority of respondents (53%) said that the cybersecurity skills shortage is worse than talent deficits in other IT professions.
■ About half the companies surveyed prefer a bachelor’s degree in a relevant technical subject as the minimum credential required for entry into the field. The utility of a degree, however, is more in its market signal than its effectiveness in honing cybersecurity skills. Respondents ranked hands-on experience and professional certifications as better ways to acquire cybersecurity skills than a degree. Sixty-eight percent also said that hacking competitions (capture the flag exercises) play a role in developing critical cybersecurity skills within their organization.
■ Almost nine out of 10 respondents said that cybersecurity technology could help compensate for skill shortages. More than half (55%) of respondents believe that, in five years, cybersecurity solutions will be able to meet the majority of their organization’s needs. They also say they will respond to in-house talent shortages by expanding their outsourcing of cybersecurity. The solutions most likely to be outsourced are ones that lend themselves to automation and include threat detection (networking monitoring and access management).
■ More than three out of four (76%) respondents said their government is not investing enough in building cybersecurity talent, and the same percentage said the laws and regulations for cybersecurity in their country are insufficient. There is a public demand for political leaders to improve cybersecurity legislation.
■ Countries can change this shortfall in critical cybersecurity skills by increasing government expenditure on education, promoting gaming and technology exercises, and pushing for more cybersecurity programs in higher education.
