The surge in the importance of cybersecurity has come at a time when the skills required to strengthen it are in critically short supply. By 2020, this shortage could reach 1.5 million globally, with some estimates putting the figure at more than double this by 2021.
Under such an extreme skills shortage, market distortions start to occur, with larger, wealthier organisations and service providers able to attract talent while smaller companies in some sectors struggle.
Inevitably, this not only makes cybersecurity more expensive, but also impacts supply chains that tie the economy of large and smaller companies together.
For the long-term interests of the emerging industrial economy, cybersecurity is a common good that should be accessible to all. Failure to address this problem is to store up problems for the future.
The Cyber-Skills Shortage Is Worsening at a Bad Moment
The rapid evolution of the IoT, the digitalisation of the economy, and growth in industrial automation are increasing the number of devices attackers can target and outstripping the supply of skilled employees required to defend them.
Ironically, the same calculation doesn’t apply to cybercriminals, who seem more than able to find the talent needed to carry out ever more innovative attacks. It’s a skills asymmetry that helps cybercrime to flourish – countering a single skilled attacker requires several times that number of defenders across multiple organisations.
Unfortunately, the attackers understand their advantage and are gaining confidence that the balance of power is tilting in their direction.
A Lack of Skills Leaves SMEs Exposed
While larger organisations have the resources to find cybersecurity talent, the same is not true for smaller companies, including many that sit in the middle of important supply chains.
This presents a challenge for entire sectors – larger organisations can defend themselves but not the numerous smaller organisations they depend on, some of which might be in countries beyond the reach of the regulations that apply locally.
One solution is for SMEs to tap into the managed security service provider (MSSP) sector, but many of these are enterprise-focused and don’t necessarily understand the problems faced by small businesses.
Industry 4.0 Will Rely Heavily on Cybersecurity
Industry transformation over the next decade will depend on finding the expertise to marry production knowhow with cybersecurity concepts that have their origins in IT.
One challenge is that industrial cybersecurity in production environments and IT skills remain distinct areas of expertise, which makes it even more difficult to find people who understand both.
Attackers will, inevitably, seek to target production systems if this very specific skills shortage is not addressed.
Automation Isn’t an Answer on Its Own
One possibility for bridging the skills shortage is to automate manual threat assessment, using human intervention only where necessary. While automation is a powerful tool for defenders, it is also possible that it might exacerbate the need for cybersecurity skills, particularly in areas such as artificial intelligence, machine learning, forensics, and response.
At best, automation might simply allow organisations to keep up with the pace of cybercriminal innovation, while requiring them to hire engineers with new skills that prove hard to find.
The Cybersecurity Talent Pool Must Be Expanded
While universities and apprenticeships offer a possible solution in some countries, a longer-term approach would be for larger organisations to stop simply hiring employees from rivals or other sectors, and instead consider investing in programs to develop them in-house.
It could also prove fruitful to look beyond candidates with specific formal qualifications or types of experience as a way of attracting talent from a wider range of backgrounds. One example of this would be to broaden the profession’s appeal to groups – women being the obvious example – which cybersecurity has traditionally struggled to attract.
The old approaches to recruitment need to evolve – the size of the recruitment gap is a constant reminder of the need for change.
Our Expert: Björn Haan
Björn has 23 years of professional experience in large international enterprises, which has had a lasting impact on his entrepreneurial skills. He started his career in 1994 at Ploenzke AG as a management consultant, before moving to IBM in 1999. There, he was manager for various national and international areas connected to IT strategy and costs, business value and, more recently, spent more than five years with IBM’s Cyber Security business in Western Europe. Since 2011, he has been responsible for the Cybersecurity business field in Germany at TÜV Rheinland.