Why diversity is the answer to the cybersecurity skills gap

With cyberattacks increasing and cybersecurity the number-one skills gap in 2022, more organisations are tapping diverse talent with upskilling initiatives

At the National HBCU Week Conference recently, IBM announced an initiative aimed at addressing both the cybersecurity skills gap, and simultaneously the diversity issue.

In a bid to create both talent for employers and opportunities for students, IBM announced plans to work with 20 Historically Black College and Universities (HBCUs) to help them establish Cybersecurity Leadership Centers, IBM.

This collaboration, which epitomises IBM’s commitment to the Black community and STEM education, builds on the tech giant’s pledge to train 150,000 people in cybersecurity over three years.

It’s a smart idea and one that an increasing number of tech companies are signing up to, as they look to tackle these two pressing business concerns.

Cybersecurity talent shortage – 3.5 million jobs open globally by 2025

Organisations worldwide are facing unprecedented risk from rising cyber threats and attacks.

Cybercrime attacks increased by up to 600% in 2021, resulting in huge financial loss and brand trust for a significant number of businesses. And in 2022, global cybercrime damages are predicted to cost US$7 trillion globally, with costs expected to grow 15% each year over the next four years.

KPMG’s latest CEO Outlook study shows three-quarters of CEOs agree geopolitical uncertainty is raising concerns of a cyber-attack in their organisations. KPMG CEO Paul Knopp says the huge demand for cyber has been made “stronger by the threats around cybercrime coming out of what’s happening in Eastern Europe with the Russia-Ukraine crisis.”

While leaders acknowledge cybersecurity as a priority, many are encountering barriers to protection, with talent shortage one of the biggest.

In fact, cybersecurity is the number-one skills gap in 2022, and the numbers make for worrying reading. According to ISACA’s State of Cybersecurity 2022 report, 63% of cybersecurity professionals have unfilled cybersecurity positions, up eight percentage points from 2021, while 62% have understaffed cybersecurity teams.

Meanwhile, 20% say it takes more than six months to find qualified cybersecurity candidates for open positions, and 60% report challenges retaining qualified cybersecurity professionals, up seven percentage points from 2021.

Such shortages are holding organisations back from fully embedding cybersecurity and costing them financially when breaches occur. A recent IBM Security study found that insufficiently staffed organisations average US$550,000 more in breach costs than those that are sufficiently staffed.

Leaders are not just facing shortages in current roles but know that they must increase the number of such roles due to the increased risk of cyber threats to organisations. By 2025, there will be 3.5 million cybersecurity jobs open globally, representing a 350% increase over an eight-year period.

This means the global cybersecurity workforce needs to grow 65% to effectively defend organisations’ critical assets.

But no one organisation or single government can close this gap alone. While there are many one-off solutions in the race to close the gap, the problem requires a collaborative effort from private and public institutions, from government and business, and across the globe.

Could tapping a diverse workforce hold key to cybersecurity shortage?

Organisations, public and private, are increasingly seeing the cybersecurity skills gap as an opportunity to diversify the workforce.  

More tech firms are working with educational institutions, government, and non-profits to create a new and more diverse cybersecurity talent pool and pipeline – not just for their own hiring but for the wider cause.

Salesforce is one company at the forefront of tapping into diverse talent to fill cybersecurity roles – the firm has collaborated with Fortinet, the Global Cyber Alliance, and the World Economic Forum to create the Cybersecurity Learning Hub, which provides free and career-oriented modules that give people a route towards these in-demand roles.

“Tapping into new sources of talent and welcoming non-traditional pathways to cybersecurity careers can lead to a more diverse talent pool,” says the World Economic Forum, adding this can be “further nurtured through on-the-job training, professional development and networks, micro-certifications and more.”

Salesforce recommends businesses, government, and communities work together, to harness existing learning communities, invest in younger generations, and promote training programs focused on top digital skills.

In a push to solve the cybersecurity industry’s growing talent problem while also helping to diversify the industry, Microsoft launched in 2021 a national campaign with US community colleges to help skill and recruit into the cybersecurity workforce 250,000 people by 2025, representing half of the country’s workforce shortage.

While some of these individuals will work at Microsoft, the vast majority will work for tens of thousands of other employers across the country.

Following rollout across the US, the software giant announced earlier this year, it was expanding its cybersecurity skilling initiative to 23 additional countries, including Australia, Brazil, Canada and India, countries chosen due to their “elevated cyberthreat risk.” The company plans to work with the countries’ local schools, nonprofits, governments and businesses to develop the skilling programs.

Cisco, which boasts the longest-running corporate education program in the world and has trained more than two million US students with leading networking and cybersecurity skills over the last 25 years, recognises the opportunity to tap diverse talent.

“Our experience tells us that solving the cyber skills gap will not only strengthen national and economic security but will also open opportunities to employ a more diverse workforce and unlock well-paying employment opportunities for historically marginalized communities,” says Francine Katsoudas, Chief People, Policy & Purpose Officer.

“The threat landscape is constantly evolving, and through increased public-private collaboration, we too can rapidly evolve to meet the challenge at hand,” she says.

This summer, during the White House Cyber Workforce and Education Summit, Cisco announced its commitment to train an additional 200,000 students in cybersecurity over the next three years, and in Canada, has partnered with the British Columbia Institute of Technology to skill the next generation of cybersecurity leaders.

Share

Featured Articles

Welcome to the New Age of the CISO

HE Dr Mohamed Al-Kuwaiti, Head of Cyber Security, UAE Government and Dr Aloysius Cheang, Chief Security Officer Huawei UAE, on the new age of the CISO

Making the UAE the world’s strongest digital fortress

His Excellency Dr Mohamed Al-Kuwaiti, Head of Cyber Security, UAE Government, on visionary plans to build the world’s most secure digital society

World Mental Health Day – 10 apps to improve wellbeing

Employers should recognise the growing use of apps to help support mental health – here are 10 to consider on World Mental Health Day

Exec interview: Brook Sims, COO, MAC Diversity Recruiters

Leadership & Strategy

Best new books that will make you a better leader

Leadership & Strategy

5 Mins With: Jeff Li, founder and CEO of Shoplazza

Leadership & Strategy