Filling the widening Filling the widening
Filling the widening CYBERSECURITY SKILLS GAP
In recent years, cyber has become the most common type of crime, accounting for nearly 50% of all crime in the UK alone. The prevalence of these attacks is plain to see, with reports of hacks on businesses, governments and even elections filling our airwaves and newspapers on a daily basis; elevating it beyond a technical issue into a business risk. Needless to say, organisations must do more to protect themselves and the valuable data they hold. But to do this, they need more staff. As far as I can remember, cybersecurity has long faced a gap between the supply and demand of professionals, leaving businesses, and by extension us, vulnerable to vicious cyberattacks. Our research programme, the (ISC)2 Global Information Security Workforce Study, has tracked the state of the workforce over the past
40
Cyber Security Mag
thirteen years, with its most recent report – which surveyed over 19,000 professionals from our industry – revealing a widening chasm; a projected shortfall of 1.8 million cybersecurity workers worldwide by 2022, if current hiring trends continue. This is up 20% from the same figure projected in 2015’s report, and the issue is directly leading to data breaches, impacting us as consumers. A SKILLS CLIFF EDGE The lack of professionals entering our profession has a two-fold impact on the profile of the workforce. Not only is it not increasing at a rate fast enough to fill the necessary roles, it has also led to a greying workforce, with just 12% of workers under 35, and 53% over 45. The profession faces a looming skills cliff edge, with the majority of workers getting clo-
ser to retirement and companies failing to recruit long-term replacements. As the fastest growing demographic, millennials will be critical for filling the employment gap, but I believe existing attitudes must change if we are to entice valuable candidates. Recruiters are currently not hiring enough recent university graduates, instead opting for those with more prior experience – 93% of respondents indicated that this is an important factor when making their hiring decisions. Yet, employers could be doing much more to attract and retain younger people. The study found that millennials value organisation training, mentorship and leadership programmes. As a demographic that holds personal development in such high regard, businesses need to be catering to these needs to attract crucial young talent.
IMPROVING GENDER DIVERSITY In addition to the widening skills gap, diversity within the workforce remains low. Our study also revealed that women form just 7% of the workforce worldwide in Europe; a level that has remained virtually unchanged since 2004. There are also signs of a rampant gender pay gap, with male professionals in Europe earning £9,100 more on average than his female counterpart. This is despite Europe’s female cybersecurity professionals tending to be better educated, with a higher proportion of them occupying managerial positions. In the UK for example, 50% of female cybersecurity professionals hold postgraduate degrees, compared to just 37% of men, with 64% of women in managerial positions compared to 57% of men. A workplace where women are both paid less and more likely to be subject to discrimination can make it harder to promote such a profession to women. The lack of women also creates a self-perpetuating cycle with few established female role models to encourage the new generation. But there are clear steps that can be taken to attract more women into cyber, and at the same time address the growing need for more staff. Much like with millen-
nials, employers need to create inclusive work places that support and value women, via sponsorship and mentorship programmes that tie to the success and satisfaction of women at all levels. Equally as important, organisations must end pay inequity, and also draw from a wider set of backgrounds and degrees, including humanities and arts degrees, where there tend to be higher proportions of females. Fundamentally, this is no longer just an issue of increasing workforce diversity, but an issue of economic and national security. The cybersecurity skills gap is growing wider every time we survey our workforce, and governments across the world are recognising that cyberattacks are critical national vulnerabilities. Attracting more millennials and women into the industry would not only significantly help reduce this shortfall in skills, but by diversifying the workforce, it will provide the necessary basis for a safer world, especially in today’s increasingly plugged-in society. By Adrian Davis
Cyber Security Mag
41
In recent years, cyber has become the most common type of crime, accounting for nearly 50% of all crime in the UK alone. The prevalence of these attacks is plain to see, with reports of hacks on businesses, governments and even elections filling our airwaves and newspapers on a daily basis; elevating it beyond a technical issue into a business risk. Needless to say, organisations must do more to protect themselves and the valuable data they hold. But to do this, they need more staff. As far as I can remember, cybersecurity has long faced a gap between the supply and demand of professionals, leaving businesses, and by extension us, vulnerable to vicious cyberattacks. Our research programme, the (ISC)2 Global Information Security Workforce Study, has tracked the state of the workforce over the past
40
Cyber Security Mag
thirteen years, with its most recent report – which surveyed over 19,000 professionals from our industry – revealing a widening chasm; a projected shortfall of 1.8 million cybersecurity workers worldwide by 2022, if current hiring trends continue. This is up 20% from the same figure projected in 2015’s report, and the issue is directly leading to data breaches, impacting us as consumers. A SKILLS CLIFF EDGE The lack of professionals entering our profession has a two-fold impact on the profile of the workforce. Not only is it not increasing at a rate fast enough to fill the necessary roles, it has also led to a greying workforce, with just 12% of workers under 35, and 53% over 45. The profession faces a looming skills cliff edge, with the majority of workers getting clo-
ser to retirement and companies failing to recruit long-term replacements. As the fastest growing demographic, millennials will be critical for filling the employment gap, but I believe existing attitudes must change if we are to entice valuable candidates. Recruiters are currently not hiring enough recent university graduates, instead opting for those with more prior experience – 93% of respondents indicated that this is an important factor when making their hiring decisions. Yet, employers could be doing much more to attract and retain younger people. The study found that millennials value organisation training, mentorship and leadership programmes. As a demographic that holds personal development in such high regard, businesses need to be catering to these needs to attract crucial young talent.
IMPROVING GENDER DIVERSITY In addition to the widening skills gap, diversity within the workforce remains low. Our study also revealed that women form just 7% of the workforce worldwide in Europe; a level that has remained virtually unchanged since 2004. There are also signs of a rampant gender pay gap, with male professionals in Europe earning £9,100 more on average than his female counterpart. This is despite Europe’s female cybersecurity professionals tending to be better educated, with a higher proportion of them occupying managerial positions. In the UK for example, 50% of female cybersecurity professionals hold postgraduate degrees, compared to just 37% of men, with 64% of women in managerial positions compared to 57% of men. A workplace where women are both paid less and more likely to be subject to discrimination can make it harder to promote such a profession to women. The lack of women also creates a self-perpetuating cycle with few established female role models to encourage the new generation. But there are clear steps that can be taken to attract more women into cyber, and at the same time address the growing need for more staff. Much like with millen-
nials, employers need to create inclusive work places that support and value women, via sponsorship and mentorship programmes that tie to the success and satisfaction of women at all levels. Equally as important, organisations must end pay inequity, and also draw from a wider set of backgrounds and degrees, including humanities and arts degrees, where there tend to be higher proportions of females. Fundamentally, this is no longer just an issue of increasing workforce diversity, but an issue of economic and national security. The cybersecurity skills gap is growing wider every time we survey our workforce, and governments across the world are recognising that cyberattacks are critical national vulnerabilities. Attracting more millennials and women into the industry would not only significantly help reduce this shortfall in skills, but by diversifying the workforce, it will provide the necessary basis for a safer world, especially in today’s increasingly plugged-in society. By Adrian Davis
Cyber Security Mag
41
