A new report by Capgemini’s Digital Transformation Institute highlights an urgent and growing cybersecurity talent gap, calling for new recruitment and retention strategies to help organizations contain cyber risks and build competitive advantage. The report, Cybersecurity Talent: The Big Gap in Cyber Protection, demonstrates that of all the digital skills necessary for organizations with aspirations of digital leadership, cybersecurity represents the biggest gap between demand for those skills and internal supply.
The report surveyed over 1,200 senior executives and front-line employees and analyzed social media sentiment of more than 8,000 cybersecurity employees. Sixty-eight percent of organizations reported high demand for cybersecurity skills compared to 61% demanding innovation skills and 64% analytics skills. Demand for these skills was then set against the availability of proficient skills already present in the organization. This identified a 25 percentage point gap for cybersecurity skills (with 43% availability of proficient skills already present in the organization), compared to a 13 percentage point gap for analytics (51% already present) and a 21 percentage point gap for innovation (40% already present).
“The cybersecurity skills gap has a very real effect on organizations in every sector,” says Mike Turner, Chief Operating Officer of Capgemini’s Cybersecurity Global Service Line. “Spending months rather than weeks looking for suitable candidates is not only inefficient it also leaves organizations dangerously exposed to rising incidents of cybercrime. Business leaders must urgently rethink how they recruit and retain talent, particularly if they wish to maximize the benefits from investment in digital transformation.”
The demand for precious cybersecurity talent is projected to grow over the next 2-3 years with 72% of respondents predicting high demand for cybersecurity in 2020, compared to 68% today. Set against increasing incidents of cyberattacks and the need for organizations to not only protect themselves but also maximize competitive advantage from digitization, the report recommends a series of tactical priorities for business leaders.
Priority 1 – integrate security
The first priority for companies is to assess how well security is integrated across the organization. What is the culture of cybersecurity outside the team with direct responsibility for keeping data protected? How security-savvy are app developers and network managers?
“It’s important to make the organization as a whole better at cybersecurity, aligning the enterprise with principles and processes that are secure from the ground up,” explains Mike Turner. “Get the basics right, in terms of application development. Develop secure code. Make your network engineers and cloud architects better at securing the cloud. That’s a good way to fight the skills gap, because it teaches the organization to be secure by design.”
Priority 2 – maximize existing skillsets
“Another priority is to look at the, as yet, unrecognized cybersecurity skills that lie within. Half of all employees are already investing their own resources to develop digital skills, showing an appetite to upskill. Organizations that struggle to recruit externally may be able to uncover candidates with adaptable skillsets who can be trained. Those functions with complementary and transferable skills include network operations, database administration and application development.”
In addition, companies should look at the requirement to embed security into every service and application and hire business communicators to complement the technical skills in their team. Business analysts and technical marketers could be transferred to cybersecurity roles to enable the company-wide adoption of best practice.
Priority 3 – think outside the box
A third priority is for organizations to think beyond the normal recruitment strategies and understand the root skills of cybersecurity. Look at traits and skills present in completely different job roles and interview candidates the organization might not usually consider. Those currently in math roles for example, are often highly skilled at pattern recognition. “Thinking outside the box is about understanding the transferable skills,” adds Mike Turner. “For example, people on the autism spectrum are fantastic at pattern spotting and are often blessed with numerical and problem-solving skills, attention to detail and a methodical approach to work – all useful traits for cybersecurity best practice.”
Priority 4 – strengthen retention
The final report recommendation looks at retention of talent. In a highly competitive recruitment market, organizations must also look at engagement of existing employees to ensure talent gaps don’t worsen.
The report reveals that cybersecurity employees value organizations that offer flexible working arrangements, encourage training and prioritize clear and accessible career progression. Within the new report, a difficult work-life balance was discussed as one of the five worst aspects of the job by cybersecurity professionals on social media and a main reason why they leave or remain dissatisfied with their company. The clear majority (81%) of cybersecurity talent agreed with the statement: “I prefer joining organizations where I have a clear career development path” compared to 62% of all respondents in our survey.
The number is even higher (84%) for Gen Y and Gen Z employees, who highlighted a lack of career progression as their number one concern. Managing these softer but equally important retention issues is a key requirement for building a viable and sustainable cybersecurity offering.
Capgemini Digital Transformation Institute surveyed 753 employees and 501 executives at the director level or above, at large companies with reported revenue of more than $500 million for FY 2016 and more than 1,000 employees. The survey took place from June to July 2017, and covered nine countries – France, Germany, India, Italy, the Netherlands, Spain, Sweden, the United Kingdom and the United States and seven industries – Automotive, Banking, Consumer Products, Insurance, Retail, Telecom, and Utilities.
Capgemini also conducted interviews with recruiters from global firms, cybersecurity associations and academics to understand best practices to mitigate the cybersecurity talent gap. Lastly, Capgemini analyzed the sentiments of around 8,400 current and former employees at 53 cybersecurity firms with at least 100 employees on social media. Selected firms operate primarily in the cybersecurity space covering (but not limited to) data security, cloud security, mobile security, enterprise security, email security, and application security.
A copy of the report can be downloaded here