Why the cyber-security skills shortage is a CEO's responsibility
Why the cyber-security skills shortage is a CEO's responsibility
Cyber-crime now costs the global economy up to US$ 600 billion (£424 billion) annually — equal to 0.8 percent of GDP. Yet at the same time, the cadre of cyber-security talent is running perilously low: by 2022 it is predicted there will be a shortage of 1.8 million workers. 

With worldwide financial stability at risk, the gap in defensive capabilities need to be plugged, and the core responsibility for doing so rests squarely on the shoulders of CEOs. As organisational leaders, CEOs are duty-bound to ensure businesses operations run smoothly and safely, inclusive of building security teams with the requisite skills needed to fight cyber- criminals. 

The question is: how can organisations improve cyber-protection when talent is so scarce? 

Broadening recruitment horizons

As well as the notorious dearth of female workers — women hold just seven percent of cyber security roles in Europe — under-representation is rife in many areas of the technology sector. For instance, US studies show that the ratio of white employees (63.5 percent - 68.5 percent) outweighs other groups, such as African Americans (14.4 percent - 7.4 percent), and “unfairness” is the top reason LGBTQ workers leave tech jobs. However, the industry has a significant opportunity to address this imbalance by widening its recruitment net.

In particular, CEOs must stress the importance of hiring from every section of society. By ensuring that their hiring process offers an equal opportunity to minority groups and women, business leaders can make sure their talent pool is not restricted to a single social group, and therefore a narrower range of skills. Further, CEOs must focus on either building or maintaining an inclusive culture, or do both. By fostering an environment where employees feel valued and supported, CEOs can retain their existing skilled team members and increase the number of workers who apply for jobs, giving them access to a wider range of talent. Furthermore, by encouraging a more diverse workforce, they can enhance business prosperity; after all, a varied workforce brings different ideas and approaches, enabling companies to improve services and defences. 

Educating the next generation

Cyber-security does not have a reputation for attracting young talent: the average age of professionals is 42 and only 20 percent of the workforce is aged under 34. While experienced specialists are crucial to keep attackers at bay, there is a risk that companies may soon lack vital resources if the next major cohort of workers – made up of Generation Z and millennials — continues to be uninspired. To ensure security teams remain robust, it is essential to create encourage and nurture talent. Developing internship and mentoring programs is a good place to start.

CEOs must take the lead by supporting and facilitating the education of children about cyber- security – not just to help them avoid hazards, but also pique interest in related careers. The good news is that there are already initiatives aimed at doing so: including the UK's Cyber Schools Programme, which hopes to teach online threat mitigation skills to 5,700 teenagers by 2021. However, greater efforts are still needed. Although many young people are intrigued by technology, they often flock to large software companies because they are more high profile. Thus, CEOs need to shine a brighter spotlight on the range of lucrative cyber-roles available — be that via recruitment listings that show the industry is not just for developers, offering in-house apprenticeships, or extending hiring reach to encompass social media.  

Propelling mentoring schemes 

With reports indicating the two biggest problem areas for cyber-security professionals are business understanding (72 percent) and technical ability (46 percent), it is apparent that there is scope within organisations for internal development — and once more, CEOs should be driving this activity. They are well placed to raise company-wide awareness of cyber-safety matters and create initiatives that allow skilled employees to share knowledge. For example, CEOs might encourage high-performing individuals to mentor new employees, hold problem-solving workshops, or participate in external cyber-programmes at schools and universities. 

Not only can such efforts relieve the pressure on CEOs, but they also empower employees by fostering greater interactions that create learning opportunities. Indeed, there is also a strong argument for CEOs to boost their own skills by participating in mentoring programmes. I have found that supporting projects such as BRIIA — a community that helps entrepreneurs grow companies fuelled by artificial intelligence — has enhanced my leadership abilities and provided a fresh perspective on key challenges. 

Of course, CEOs cannot be expected to single-handedly bridge the cyber-security skills gap; but there are many steps they can take to reduce the talent shortage. By making a conscious effort to attract and employ a diverse range of professionals, working to educate and inspire new generations of security specialists, and increasing their focus on skills sharing, CEOs can make sure the economy and networks are powerful enough to take on hackers, and win. 

Contributed by By Kirsten Bay, CEO and president, Cyber adAPT 

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.