Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific
3 Ways Businesses Can Overcome the Cybersecurity Skills Shortage
With budget constraints and a limited supply of skilled talent, businesses need to get creative to defend against rampant cybersecurity threats.
COMMENTARY
Globally, cybersecurity threats continue to accelerate in pace and scale with rising malware and deepfake attacks. Over a third of organizations worldwide suffered a material cyber incident from malicious actors in the past year, while 73% were affected by ransomware attacks in 2023. With these cyberattacks come serious financial costs — global damages total an astonishing $8 trillion each year. As attack surfaces continue to expand and cybercrime emerges as the world's third-largest economy, trailing only the US and China, the time to act is now.
Cybersecurity professionals are key to addressing this problem. Yet, the global cybersecurity skills deficit has reached a record high of 4 million. In the UAE alone, a recent study finds that 66% of IT managers believe their organizations lack "the right people and processes to be cyber resilient." So why is there a growing disparity between the demand for cyber staff and the availability within the talent pool, and how can we tackle this?
What's Driving the Cyber Skills Shortage?
There are multiple reasons for the ongoing cybersecurity skills shortage. First, as breaches increase year over year, there is continued high demand for high-quality cybersecurity professionals, such as those proficient in cloud security, threat intelligence analysis, and incident response, and the supply of qualified individuals has not kept pace. For instance, the Middle East and Africa have a total cybersecurity workforce of about 402,000 people but require another 102,000 professionals to meet demand. This shortage of workers means cybersecurity teams are overworked and time-poor and struggle to identify and prevent threats in a timely manner, which leaves businesses vulnerable.
Also, there is a shortage of high-quality cybersecurity programs in schools and higher education institutions. While there are good examples, many programs have limited course offerings and outdated curricula. The result is a shallow pool of candidates who can identify, assess, and mitigate cyber threats such as phishing attacks. Similarly, many current cybersecurity programs are not up to date with the latest cyber threats, leaving a gap between the skills taught and those required in real-time scenarios.
Limited organizational funding for security training is another contributing factor. According to a recent report, 31% of respondents cited lack of budget as a key challenge. Insufficient budget allocations mean organizations must deal with outdated technologies and tools and struggle to prioritize employee training. This leaves critical systems and data exposed to potential breaches.
Three Key Ways Businesses Can Tackle the Shortage
For businesses looking to mitigate the effects of the cybersecurity skills shortage, upskilling and reskilling staff through ongoing education and learning is one of the most important steps. To do this effectively, businesses must first conduct a comprehensive assessment of the existing skills within the organization and then determine the cybersecurity skills required based on the company's industry, size, and risk profile. Equally important is creating an environment that encourages a continuous learning culture, helping staff stay up to date with cybercriminals' latest tactics, techniques, and procedures.
We also need to shift towards a skills-based hiring approach, broadening the pool from just those who have a cybersecurity-related education, such as computer engineering degrees. Soft skills such as communication, teamwork, and problem solving are also vitally needed in our sector. With the ongoing skills gap and many cybersecurity skills being transferrable, recruiting workers from outside the industry could fill hiring needs faster by tapping into a wider talent pool. It also allows the opportunity to employ more creative solutions to cyber threats.
Another way to tackle the shortage is through raising awareness among C-suite executives and decision-makers about the importance of cybersecurity skills, the talent deficit, and the economic and security implications. Corporate boards and government oversight bodies need to continuously update their knowledge on developments in the cybersecurity landscape, as well as receive training to ensure they understand their roles in risk management and can make informed decisions.
To conclude, as organizations across industries and geographies continue to rely on digital technologies, we need a robust cybersecurity workforce to protect networks and data from emerging cyberthreats. Going forward, the focus needs to be on upskilling staff, shifting towards a skills-based hiring approach, and encouraging more collaboration between industry and government. To be more effective, businesses must prioritize areas where the demand for skills is growing, such as cloud security, and create an environment that supports developing those skills.
Read more about:
DR Global Middle East & AfricaAbout the Author
You May Also Like