A global survey of over 19,000 cybersecurity people, including 3,694 from Europe, by the IT sector body (ISC)2, suggests that European organisations are planning the fastest rate of cybersecurity hiring. More than a third, 38 per cent, of hiring managers in the region wanting to grow their workforce by at least 15pc in the next year. This is despite the fact that two-thirds of organisations state that they currently have too few cybersecurity workers, as the region faces a projected skills gap of 350,000 workers by 2022.
The report calls for employers to do more to embrace newcomers and a changing workforce, as 92pc of hiring managers admit they prioritise previous cybersecurity experience when choosing candidates, and that most recruitment comes from their own professional networks. Hiring managers identified that they are relying on their social and professional networks (48pc), followed by their organisation’s HR department (47pc), as their primary source of recruitment.
The report, Benchmarking Workforce Capacity and Response to Cyber Risk, released from the 2017 Global Information Security Workforce Study, the eighth edition of the study, which has been running since 2004, covers what is claimed to be the growing cybersecurity skills gap. It shows that recruitment targets, a shortage of talent, and disincentives to invest in training are contributing to the skills shortage with 70pc of employers around the globe looking to increase the size of their cybersecurity staff this year. The demand is set against a range of security concerns which continue to develop, with the threat of data exposure clearly identified as today’s top security concern, around the world. Concern over data exposure reflects the advent of new regulations aimed at enhancing data protection around the world, including Europe’s General Data Protection Regulation to be in force by May 2018. The study was by research firm Frost & Sullivan for the Center for Cyber Safety and Education, with the support of (ISC)2, Booz Allen Hamilton and Alta Associates.
The report describes a revolving door of scarce, highly paid workers amidst a non-existent unemployment rate of just 1pc in Europe. Organisations are struggling to retain their staff, with 21pc of the global workforce stating they have left their jobs in the past year, and facing high salary costs, with 33pc of the workforce in Europe in particular making over £78,000 per year.
Study researchers suggest that organisations adapt their approach to recruitment and draw from a broader pool of talent. Findings that show workers with non-computing related backgrounds, account for nearly a fifth of the current workforce in Europe and that they hold positions at every level of practice, 63pc at manager or above.
The report also highlights a mismatch between the skills recruiters are looking for and workers’ priorities for developing a career, suggesting skills sets may not be keeping pace with requirements. Currently, the top two skills workers are prioritising include ‘cloud computing and security’ (60pc) and ‘risk assessment and management’ (41pc), while employers prioritise looking for communication (66pc) and analytical skills (59pc). Only 25pc and 20pc of workers are prioritising communication and analytical skills respectively.
Adrian Davis, Managing Director, EMEA at (ISC)2, who touched on the report while chairing at panel at the Infosecurity Europe 2017 exhibition in London, pictured, said: “There are real structural concerns hampering the development of the job market today that must be addressed. It is particularly concerning that employers appear reluctant to invest in their workforce and are unwilling to hire less-experienced candidates. If we cannot be prepared to develop new talent, we will lose our ability to protect the economy and society.”
Raj Samani, Chief Scientist at IT security firm McAfee, said it was unsurprising that a growing number of companies are now looking to invest in cyber expertise. “Last month, the Government’s Cyber Security Breaches Survey 2017 indicated that three-quarters of UK businesses state that cybersecurity is a high priority for their senior management. Demand for cyber professionals amidst a skills shortage is growing rapidly. This is driving up wages, with a recent report indicating that CISO salaries in Europe are topping 1 million euros. The impact of this rising price for cyber expertise is that smaller and public sector organisations may find themselves priced out of employing top talent.
“Organisations in this situation will therefore need to rely even more heavily on technology, introducing the automation of basic processes to ensure that they’re effectively and efficiently protecting their organisation. Only by automating repetitive security practices, that IT and security professionals currently spend a wealth of time on, will they be able to apply themselves to developing a comprehensive security strategy for their organisation.”
And Rob Norris, VP Head of Enterprise and Cyber Security EMEIA, at Fujitsu, called it unsurprising, but encouraging that European businesses are looking to bolster their cybersecurity. “Recent, large-scale breaches have shown just how devastating these attacks can be, not only for a company’s reputation but for its bottom line as well. As a result, European businesses face fierce competition for hiring cybersecurity professionals, and must implement smart talent strategies. Business leaders should work with IT departments to identify the cyber security skills required in-house; then, organisations can use both targeted recruitment and the upskilling of existing employees in parallel to bring this about.
“Businesses can also work with outside providers to supplement their cybersecurity capability, and ensure that they stay ahead of the latest threats. And last but not least, businesses must remember that right now, every employee is at the front line in the fight against cyber criminals. The whole workforce should be educated in key principles of cybersecurity to help to prevent attacks from taking place. That way, European businesses can work around the cybersecurity skills shortage and ensure that they are as safe as possible from the ever-growing threat of cybercrime.”