The cybersecurity sector is facing a dire shortage of talent as the threat landscape continues to evolve, according to research from ISC2. The organization found that although the global cybersecurity workforce grew to 4.7 million people in 2022, there is still a need for more than 3.4 million security professionals, representing an increase of over 26% from the previous year.
The growing shortage can be attributed to various factors. One main factor is that organizations are shifting towards cloud-first strategies to achieve greater scale and flexibility. As a result, they are using multiple cloud technology providers and database providers, leading to an increase in work, alerts, and data. This complexity requires new tools and changes in practices and skills. However, CISOs (chief information security officers) are struggling to meet the demand due to limited budgets and a lack of personnel. This shortage affects organizations of all sizes and is exacerbated by the expanding and evolving threat landscape. In 2022 alone, there were 1,802 data compromises, impacting 422 million individuals.
The talent shortage is also impacting the role of CISOs. They are facing a shift in workload and increased administrative tasks related to audits, third-party risk assessments, and vendor due diligence. Over the past two years, the time spent on third-party assessments has significantly increased, with some assessments requiring over 30 staff hours. Additionally, CISOs now have the responsibility to provide guidance on data protection and legal data use as businesses strive to comply with evolving privacy regulations. This places additional burden on CISOs and requires them to shift their focus from solely protecting data to enabling its legal use. Privacy regulations vary from state to state and country to country, requiring the involvement of multiple skill sets and resources for effective implementation.
Furthermore, security threats and breaches continue to rise, adding to the challenges faced by CISOs. The rapid adoption of cloud technology has made it difficult for security teams to respond effectively due to reduced visibility compared to traditional data centers. While there are modern data security tools available, they often lack user-friendly features for CISOs, as they were initially developed for data operations teams. The problem is compounded by the increasing number of dispersed data sources and providers, making it challenging to understand the context of the data.
One potential solution to address the cybersecurity skills gap is for organizations to adopt security as part of their business culture. This involves educating all departments and individuals within the organization on security best practices. By strengthening the knowledge and understanding of security across the organization, companies can compensate for the lack of human talent and promote collaboration in addressing security challenges.
In addition, elevating the CISO role within the organization and including them as part of the senior leadership team or even the boardroom is crucial. This increases visibility and ensures effective communication of security standards and metrics to stakeholders. The boardroom’s inclusion allows CISOs to advocate for additional team members and the recruitment of qualified professionals.
Furthermore, despite tighter technology budgets, organizations should continue investing in automation. Automation tools can handle tedious backend tasks, provide detailed analysis, and suggest next steps, reducing the need for extensive manual labor. This not only helps curb costs but also allows security teams to focus on more valuable projects, increasing job satisfaction and talent retention.
With new mandates, such as the Biden administration’s cybersecurity strategy, placing greater scrutiny on technology companies and service providers, organizations must address the shortage of cybersecurity talent now. Failing to do so puts their business and customers at even greater risk in the future. It is essential to invest in strategies and initiatives that supplement the lack of human talent and ensure effective security measures are in place.