Cybersecurityventures.com reported that there are close to 3.5 million open positions in the cybersecurity field worldwide.
There is a shortage of over 347,000 cybersecurity professionals in Europe, with France alone lacking nearly 60,000 experts in 2023, according to (ISC)² estimates.
A significant element driving this skill gap is the increasing effects of cybersecurity breaches on organizations worldwide. The frequency and complexity of attacks compel organizations to continue to recruit and retain valuable cybersecurity talent.
This article discusses the importance of organizations understanding the workforce gap's root cause and the steps they can take to achieve their cybersecurity protection and compliance objectives.
Difficulty recruiting and retaining talent remains a global problem for organizations, not just in the United States and the EU. A contributing factor to this issue started during the COVID-19 pandemic. International technology firms like Google, Apple, Microsoft, and Amazon went on a hiring spree. This increase in hiring hurt other firms seeking similarly experienced talent. While this hiring spree affected most U.S.-based firms, global companies in the EU witnessed their cybersecurity resources being recruited aggressively by different organizations, including competitors.
After COVID-19, many technology companies have laid off staff or restructured their organizations. In hindsight, this action should have allowed many firms to capture the talent departing those companies. However, a challenging byproduct of the hiring-to-firing spree became the compensation model.
During the hiring spree, experienced security, application, and DevOps engineers commanded a much higher salary with a total compensation package close to $500,000 per year. During the layoffs, organizations attempted to restructure their compensation packages back to pre-COVID-19 levels.
Furthermore, the talent who were let go became very reluctant to lower their compensation demands or give up the desire to work from anywhere. Employers struggled with this challenge, wanting people to return to their offices.
In 2024, with the demand for experienced cybersecurity talent still high, small-to-mid-sized organizations need help to lure the right talent at a much lower compensation point.
Compensation, demand, and a limited talent pool are just a few factors adding to the talent shortage. Another double-edged byproduct of the problem is the global adoption of artificial intelligence (AI) and machine learning (ML), which are becoming mainstay tools in every organization.
With the rapid growth and demand for ChatGPT-like capabilities, CEOs, CIOs, and COOs recognize the importance of AI becoming a critical component in transforming their business model. AI continues to find a home within organizations, including revolutionizing the customer experience with chatbots, leveraging Co-pilot for application development, and powering extended detection and response (XDR) for more efficient incident response.
Cybersecurity engineering talent skilled in leveraging AI will continue to be in demand. However, executives also quietly recognize the value of AI in helping reduce headcount, modernize their financial systems and operations, and cut costs in new product development. These dynamics could swing the compensation model back in favor of the employer.
This scenario could become a factor for many engineers wanting to seek a career in cybersecurity. They would be less likely to invest in acquiring various industry credentials and degrees just to be replaced by AI soon. AI could make fewer people available for cybersecurity roles, causing organizations to invest more capital in AI and ML tools.
Note: Even advanced AI and ML tools need talent to manage these solutions.
A cybersecurity report projected that cybercrime costs would soar to $9.5 trillion by 2024 and over $10.5 trillion by 2025 globally. In the US, the potential loss from cyberattacks and fraud was estimated to exceed $10.2 billion in 2022, according to an FBI report.
The top five countries and regions with the highest average costs of a data breach globally were the Middle East ($8.07 million), Canada ($5.13 million), Germany ($4.67 million), and Japan ($4.52 million).
Ransomware attacks, data theft, and other cybersecurity attacks force organizations to spend valuable capital on cyber insurance and on hiring expensive cybersecurity architects and security incident engineers. The cost for this talent level continues to rise with the global demand for their skills. Entry-level employees with cybersecurity skills deficits create additional liability by not keeping up with responding to various attacks, including insider threats.
Regardless of the organization's size, a cybersecurity talent gap exists. An organization's employees must learn to leverage AI tools, handle thousands of cyberattacks almost daily, and manage their cybersecurity solutions. Otherwise, this will negatively impact the organization's security posture.
More funding for security training is needed.
“In a recent report published in Dark Reading, 31% of respondents said a lack of budget is a significant challenge. More money means organizations must work with old technologies and struggle to prioritize employee training. This challenge puts critical systems and data at risk of being breached.”
Many advancements in AI and ML for cybersecurity defensive protection are years away from becoming a course within higher education. Many smaller schools and vendors need more educational offerings relating to AI and ML. Data scientists, a critical component within an AI strategy, have a head start regarding formal education curricula in many universities and private institutions.
With continuous education that aligns with the constant change in the threat landscape, employees and employers must keep up with knowledge and certifications. Many cybersecurity engineers who work in the security operations center (SecOps) become burnt out from handling the increased complexity and velocity of cyberattacks.
Organizations in the EU specifically have several compliance and privacy mandates. These mandates include:
Note: Organizations evaluating the cost of retaining valuable cybersecurity talent must consider the financial implications if the firm becomes subject to fines for non-compliance because of a mismanaged security breach.
Solving the workforce gap for cybersecurity within an organization requires the firm to consider all the factors involved:
Organizations driving to close the gap regarding cybersecurity resources continue to research and ultimately develop partnerships with managed service providers (MSPs) and managed security service providers (MSSPs).
MSSPs and MSPs have created managed offerings to help clients adjust to the cybersecurity workforce gap by providing various solutions that align with their clients' needs.
These offers include:
Leveraging an MSSP/MSP helps organizations solve their workforce issues while controlling their SecOps costs, lowering risk, and meeting compliance mandates.
Forenova's MDR services assist organizations with compliance and privacy regulations, including HIPAA, PCI-DSS, NIS2, DORA, GDPR, and CCPA. These regulations require the organization to prove that it can respond to next-generation AI-powered cyberattacks and their increased velocity.
For organizations seeking a partner to augment their current security operations (SecOps) team or provide complete 24/7 monitoring and response, threat intelligence, and other cyber defense tools, NovaMDR has access to experienced engineers to meet their business and compliance goals.