Cyber skills shortage is talked about a lot, but not much is done to solve the problem. And, It is getting worse. We all like the idea of being cyber fit but not the process, which involves creating and retaining cyber professionals. But what is driving this all-talk-less-action trend, and what can we do?
While Australia has enabled skilled immigration and tertiary institutions are introducing more cyber-related courses, the skills shortage is still unresolved. This explains why growing a skilled workforce is a critical component of Australia’s Cyber Security Strategy 2020.
According to AustCyber, Australia will have skills gap of 17,600 by 2026. If we don’t take action now, we might not solve the crisis. We will continue to see government systems hacked and our data stolen, intellectual property stolen and businesses rendered obsolete by cybercriminals.
The 16th edition of the World Economic Forum’s Global Risks Report placed cybersecurity at number four, amongst the most critical risks facing the world, alongside COVID-19 pandemic, climate change and livelihood crises. If we are serious about managing this global crisis, we must, among other things, take a multifaceted approach to train, acquire, and retain cyber professionals. Here are three strategies that we must take today.
#1. Business leaders must do their part
Cyber risk is the responsibility of business leaders, and they need to be made more accountable. Although the financial sector has made significant progress with the CPS 234 Information security standard, this approach must be extended to all organisations, including government departments.
In a survey, training provider DDLS found a lack of business leaders’ commitment to boosting cyber skillsets within organisations, hoping to advertise and get the required personnel. More and more organisations advertise cyber-related jobs, notwithstanding the unrealistic expectations, for months without success. This is due to the lack of incentives.
For business leaders to do their part, they must have drivers. The drivers could be in the form of regulation, fines and incentives as public scrutiny and political pressure has not worked. Business leaders must see cyber skills shortage as a strategic risk that needs to be addressed. Business leaders must move away from lip service and develop strategies to solve this problem.
#2 Organisations must look internally
The DDLS survey further identified that organisations agree that more cyber professionals are required, but they do not provide any training. The survey also revealed limited investment in cybersecurity training, despite 77% reporting cybersecurity expertise being ‘extremely’ or ‘very important’ to their business. Organisations are simply burying their heads in the sand.
Organisations must be proactive and build cyber capacity internally. Many employees recognise that cybersecurity is a growing industry and are genuinely interested and keen to learn. Still, most organisations do not provide these learning opportunities.
Organisations must create programs and initiatives that will ensure cyber professionals are obtained, developed and retained for longer by creating cyber transition programs, that leverage programs like Cyber Security National Workforce Growth Program, where interested staff train and transition to cyber; adjust hiring requirements for cybersecurity to get more potential staff coming through just like IBM has done and embrace remote working arrangements. Working remotely during the coronavirus pandemic has demonstrated that it works. Let’s embrace it.
#3. Use cyber apprenticeships to bridge experience gaps
Universities and other tertiary institutions are continuously introducing cyber-related courses, which is a good thing. When students graduate, however, they struggle to land their first role. The largely theoretical knowledge acquired at these institutions is great but is not enough to land them cyber roles. Every organisation is trying to get the best skilled and experienced, even for junior roles, that will hit the ground running on day one. Usually, graduates don’t make the cut. This is the experience gap problem.
With governments’ support, through programs like Cyber Security National Workforce Growth Program and partnerships with industry, tertiary institutions can bridge the experience gap and create a talent pipeline. Institutions can create cyber apprenticeship programs where students can apply their technical knowledge and obtain experience.
We are constantly under attack from various cyber threats, but we will continue to struggle without the right cyber professionals. The cyber skills shortage has been discussed extensively, and we must develop workable strategies to solve it. Businesses and tertiary institutions must collaborate with governments to bridge the skills gap.