The gap in cybersecurity talent management is now undeniable. As companies attempt to bridge this gap and have a more robust security system in place, it is important for them to have clarity on the tangibles that constitute this gap.
To understand the gap, we looked at several macro-level indicators and statistics of human resource management in the cybersecurity domain. The results indicated how in-house hiring and management of a security team is becoming increasingly challenging.
Where does the gap actually lie?
Lack of skilled personnel
According to the annual global survey on cybersecurity, conducted by the ESG on behalf of the Information System Security Association (ISSA), cybersecurity skill shortage impacts 74% of organizations. Moreover, this trend has been growing for the past three years.
- 63% of organizations fail to provide the necessary level of training to their professionals.
- Cloud Security has the most severe shortage (33%), followed by application security (32%) and security analysis & investigations (30%)
Lack in diversity
Roles in cybersecurity as a domain have been stereotyped to having a high number of young male individuals. Women represent not more than 10% of the total workforce. The lack in diversity is not limited to the gender imbalance but extends to racial attributes like ethnicity as well. 65% of professionals identified themselves as Caucasian. Asian, Middle Eastern and African American professionals make up less than 20% of the pool.
Lack of focused accountability
For most organizations, the chief security officers used to play the role of gate keepers, exercising their right to veto whenever they deemed any activity a security risk. As businesses started focusing on growth more than anything else, having a strict gate keeper acted as a hinderance to it.
In today’s time, as CTOs are responsible for a wide range of tasks. Consequently, security as a function of business is not getting enough attention. The need of the hour is to have a person solely responsible and accountable for the security needs of a business – irrespective of its size.
Mismatch in authority & responsibility
A report based on a survey of Fortune 500 companies found that just 4% of security professionals were at the senior vice president level while only 27% at the vice president level in their organizations. For companies with revenue numbers no less than $5 Billion, this is a rather low number.
This misalignment in the chain of hierarchy is detrimental for the security concerns of the organization. Conflicts between the CSIOs and their reporting managers is inevitable due to the inherent mismatch in their objectives. The latter focuses on growth and driving profits for the organization whereas the former focuses on security. This also restricts direct communication between the CEOs or the board members with the cybersecurity team. Sustained miscommunication can lead to lack of trust and leave the board unaware of how grave the issue of security is.
Security Aggregators – a popular solution
Security aggregators are responsible for analyzing the end to end security needs of their client. Post which, they curate a customized package of security products to minimize chances of any leakage. These aggregators use the best of talent to serve multiple businesses’ and maintain a single point of control. Boosted by economies of scale, they can provide better services at lower costs, making them the go-to-option for businesses.
Should businesses stick to the traditional ways of securing themselves or is there a better way forward?
Listen to a podcast on the cybersecurity talent crunch here!