Demand is outpacing supply when it comes to skilled cybersecurity talent

Recent high-visibility cyberattacks (Sony, Target and the US Democratic National Committee to name a few) have raised awareness about the value of cybersecurity experts who can keep an organisation’s data and information safe. Standard preventive security software and IT security protocols are not always enough to protect an organisation from a determined hacker.1

The Cybersecurity Talent Gap

Most organisations are struggling to recruit and retain employees with premium cybersecurity skills. “There’s a shortage of talent, because almost every enterprise from the Fortune 1000, global 5000, and government agencies are now scrambling to find experienced talent, and it’s become a very competitive market, even for recent graduates,” notes Muddu Sudhakar, CEO of Caspida, a cybersecurity company based in Palo Alto, California.2

Not surprisingly, salaries for those with cybersecurity skills—for positions from entry- to senior-level—are increasing rapidly3. This has put government agencies, who arguably need these services more than many other entities, at a disadvantage when it comes to recruiting cybersecurity talent.

In a survey by KPMG, three-quarters of the IT and HR executives at companies with 500 to 10,000 employees said they faced emerging cybersecurity challenges that required new IT security skills. Just over 50 percent said they might use a hacker to advise their security teams and nearly the same percentage would consider recruiting a cybersecurity expert with a criminal record. This is a clear indication that the skills needed to combat cybersecurity threats differ from those needed for conventional IT security.4

The gap between demand and supply of cybersecurity experts appears to be caused in part by a lack of millennials entering cybersecurity careers.5 While millennials are very comfortable with technology, they’re not drawn to careers in technology.

Solutions are Critically Needed but Hard to Come by

Part of the solution to this labour market imbalance is to steer more students into the cybersecurity field by appealing to the typical millennial’s ideals about service to the community. Additionally, the private sector will need to support the efforts of colleges and universities to foster effective high-level training opportunities and work with government entities to implement programmes that enhance the skills of cybersecurity experts. But for now, and into the foreseeable future, organisations face the prospect of offering premium salaries and benefits to recruit and retain the type of top cybersecurity expertise they need.

Key Takeaways:

  • Companies should be prepared and willing to pay a premium to recruit and retain cybersecurity experts
  • As organisations compete for cybersecurity talent, their mobility programmes and related benefits could make the difference in attracting these employees and placing them where they are needed the most
  • The business community should support university and government programmes that encourage and prepare millennials to take on careers in cybersecurity

1Kathleen Richards. Cybersecurity skills shortage demands new workforce strategies. TechTarget, August 2015.

2Robert McGarvey. Why All the Hacks May Be Good News: Cybersecurity Jobs Bonanza. The Street, 22 July 2015.

3Ibid

4KPMG. Hire a hacker to solve cyber skills crisis. 16 November 2014.

5Frost & Sullivan. The 2015 (ISC)2 Global Information Security Workforce Study.