Cybersecurity Talent Shortage

McKinsey & Company published an article called, “Ten IT-enabled business trends for the decade ahead” about two years ago. It is a thoughtful read for anyone interested in foreseeing the ongoing changes in information technology, innovation, and business adoption. Some of the IT Trends that were featured include the increasing use of social technologies, the deployment of the Internet of Things, growing digital penetration in emerging economies, and the rise of mobile Internet and digital commerce. While these trends are altering the business landscape at an incredible pace, the article mentioned a few implications that merit serious attention. One of the issues that require more focused attention is security. As more digital information is produced, processed, and stored by organizations and individuals, they will be attractive targets to cybercriminals, hacktivists, malicious insiders, and state-sponsored hackers. An exposure of sensitive or private information will cause massive operational disruptions on the owner of the information, including damage to reputation, loss in revenues, and potential lawsuits. As the Global Trends 2030 report  stated, cyber-attack is considered one of the possible black swans that “could cause the greatest disruptive impact.”

Organizations need to strengthen their protective capabilities while ensuring business innovation and growth into the next decade to stay ahead of the increasing cybersecurity threats. First and foremost, an organization must recruit and retain personnel with the required knowledge and skills to protect critical systems and information. These “cyber defenders” use a diverse range of skills and knowledge to identify, assess, calculate and mitigate threats against an organization’s systems, information, and processes.  They must also be aware of emerging technological trends and understand any vulnerabilities and risks associated with these trends. Unfortunately, there is a vast shortage of cybersecurity talent. According to ISACA’s report in a recent RSA Conference, there is an insufficient supply of qualified and skilled cybersecurity professionals available to protect organizations and consumers. McKinsey’s Special Report “What Happens Next?” provides an explanation of this phenomenon, which is one of the complications of the productivity imperative (Crucible 2). The report pointed out that the production of new talent is not fast enough to keep pace with the demand.  The growing talent mismatch is because Western economies were not able to produce enough knowledge workers required for 21st-century jobs, including cybersecurity. To make matters worse, an increasing number of cybercriminals and hackers are becoming more sophisticated and highly motivated to take advantage of the growing amount of critical and sensitive information enabled by advances in technology.

The ongoing technological changes and trends and their potential downsides created threats for organizations that were not able to foresee or keep up with these changes. On the other hand, organizations that are prepared or willing to adapt will find these changes as opportunities that can produce rewards if correctly leveraged. Instead of complaining about the talent gap in cybersecurity, these companies will strive to develop their cyber force using its current employees, establish partnerships with universities to build a personnel pipeline, or provide better incentives to attract more talent. Just as threats and opportunities can be regarded as two sides of the same coin, an IT trend (including its complications) can either pose a grave threat or provide an exceptional opportunity to an organization depending on its capability (strength) or incapability (weakness) to face the challenges ahead.

Featured Post

Motivations towards Shadow IT

A logical place to understand the problems posed by shadow IT is to understand why the practice exists in the first place. One must know the users’ needs and motivations for getting external cloud … Continue Reading