The demand for experts in the field of cybersecurity is increasing day by day while the industry faces a skills deficit. According to a report in May 2023, India had about 40,000 open positions in cybersecurity, reflecting a 30% gap in demand and availability. With the highly dynamic nature of the digital environment, the frequency and sophistication of cyber attacks have been on the rise. It imposes an increasingly urgent need for strong cybersecurity.
Understanding the Cybersecurity Skills Gap
The cybersecurity skills gap presents a well-documented challenge wherein demand for skilled professionals exceeds supply, creating shortages in both numbers and specialised expertise. As cyber threats grow in sophistication, specific skills become ever more crucial, but there is still a need for more adequately trained individuals to hold such important positions.
The ISACA State of Cybersecurity 2023 report indicates that companies from all over the world have found colossal skill gaps in areas like cloud computing (50%), soft skills (43%), security controls (43%), network-related topics (41%), and pattern analysis (35%).
Simultaneously, the same report points to strong technical proficiencies in demand by cybersecurity professionals regarding cloud computing (46%), penetration testing (42%), forensics (38%), identity and access management (38%), and data protection (38%).
This proportionate increase in skill gaps in a few specific areas and a rise in the demand for those very roles just goes to say that there is a need for companies to address the issue.
Factors Contributing to the Skills Gap
- Rapid Technological Advancements: The ever-evolving technology requires continuous learning and adaptation. The present workforce is overwhelmed by these rapid changes. With increasing technological advancement, the requirement for the number of skilled professionals to match the pace exceeds the available talent pool.
- Lack of Educational Resources: Many educational institutions lack specialised training for most modern roles in cybersecurity.
- High Stress and Burnout: The demanding nature of cybersecurity jobs leads to higher stress and burnout, eventually driving professionals away from the industry.
- Underrepresentation: A lack of diversity in the cybersecurity workforce limits the potential talent pool, with women and minorities particularly underrepresented.
Mind the Gap
Ignoring the gap leaves an organisation vulnerable to financial losses, reputational damage, and decreased customer trust. Cyber attacks on vital infrastructure, healthcare systems, and other critical service industries have devastating impacts on society.
This skills gap requires an investment in people, processes, and technology. Research indicates that technical education and certification provide a legitimate path to fill this void that is impacting national security and threatening social well-being.
Bridging the Cybersecurity Skills Gap
A multifaceted approach is necessary for bridging the cybersecurity skills gap:
The Future Outlook
A recent Gartner report predicts that by 2025, the lack of talent and/or human failure will result in a nearly 50% increase in cybersecurity incidents. Therefore, the cybersecurity workforce has to evolve with the growing threat landscape.
While the gap in skills creates a major problem, it also offers room for innovation and growth. As technology and technological training are major factors contributing to the skill gap, organisations should devise ways of using technology to their advantage.
Platformisation as a practice is quickly picking up pace in the cybersecurity space. Organisations benefit from essentially bundling multiple products and services into a single data store and then running AI on the entire data set for better security outcomes in real time. Another approach can be to adopt AI-powered cybersecurity solutions that leverage generative AI to fight AI. This way, Security Operations Centres (SOCs) can enhance security, simplify operations, and protect enterprise applications and data from sophisticated attacks.
A proactive and broad perspective in training, education, and technology within the industry will help in producing strong workforce entrants, whether at the beginning or mid-levels of their careers, ready to meet whatever the future holds in store. Addressing this gap through strategic investment in training, collaboration, automation, and awareness can steer us significantly closer to a secure digital future.
— Huzefa Motiwala is Director of Systems Engineering, India & SAARC, at Palo Alto Networks.
