A recent report by SEEK.com showed the year-on-year growth in demand for these experts at 57%, and it’s evident that while companies need specialists to keep their networks and companies secure, there are an insufficient number of skilled employees available to fill these roles.
In an interview with CIO.com.au, MailGuard CTO Jason Pearce said “For Australia it’s almost at a critical point. As a cyber security company to find goods skills in the market is very hard. If you can’t attract skills locally, organisations have to go offshore and find people to bring into the country.
So what is the business risk of this shortage? All too often, the ‘out of sight, out of mind’ mentality comes into play and the importance of hiring a cybersecurity professional is only realised when it’s too late. Organisations are seeing fewer and fewer certified personnel equipped to handle these roles and hiring full time IT security professionals gets put in the “too hard” basket.
However, the importance of having experienced cybersecurity experts on board to mitigate risks is imperative to the successful implementation of any cyber functionality within the workplace. Cybersecurity breaches are an unfortunate fact of life and the costs associated with them are growing extensively.
By far the largest and most impactful cost of this skills shortage is the “People Cost”. Nervous corporates, security vendors and governments are bidding up cybersecurity salaries to new highs in an effort to gain and retain talent of the highest calibre. Employees with proven cybersecurity skills are aggressively headhunted and presented offers they simply cannot refuse, including lucrative compensation packages, work environment perks, flexible hours and intensive training for skills development.
“Organisations that have built good security teams are under a lot pressure because there’s always a competitor who is trying to attract that talent. Staff retention is hard across the board. Companies need to put in counter measures,” says Pearce in the CIO.com.au interview.
The flow-on effect is increased fear in many organisations that lose security professionals who have in-depth knowledge of their informal incident detection and response processes. Valuable information that’s often kept “in their heads”. This alone is a key reason to implement an Information Security Management System with documented procedures, processes and controls, another costly exercise in itself.
From an operational cost perspective, organisations are invariably turning to technological solutions as they explore new avenues to reach customers and strive for competitive advantages across their business. In doing so, not only do businesses need to wear the costs of improving their offerings to stream-line and automate processes, and to create direct (web and mobile) channels to serve and support customers, but those businesses must also consider the associated security costs too.
Equally exposed to cybersecurity risks internally and externally, organisations reliant on technological infrastructure as their core, often cannot afford the time and financial costs involved in the case of a cyber intrusion.
Perhaps one of the most detrimental costs attributed to this shortage is the reputational damage associated with cyber issues. Without investing appropriately in cybersecurity professionals to implement effective threat protection measures, businesses risk erosion in business trust and reduced consumer confidence, which are potentially far greater costs than purely financial ones.
There is no way around it, industry and government must promote cybersecurity as an aspirational career pathway, and invest in the development of skilled cybersecurity professionals to meet this increasing demand.
The cost of doing business will continue to rise unless we confront the talent gap that currently exists and invest in building the skills of the next generation of IT professionals. That is why the smartest businesses are proactively future-proofing against this shortage. Internally, companies can cross-train existing IT workers to convert them into security specialists, along with continually educating the cybersecurity professionals of tomorrow.
Leaders in the cybersecurity industry also need to actively work with universities to design internship programs that expose students to the security landscape. Giving universities access to cybersecurity experts who can share their real-world experience with university students is the way forward in reducing this skills shortage and defending the state of the nation against cyber attack.
MailGuard is leading by example in this area, offering internships to computer science undergraduates at Deakiin University. In the CIO.com.au interview, Pearce says “It’s good to get people exposed really quickly to the real risks of cyber security. It’s not just a matter of reading a textbook and knowing what goes on. It’s really being involved, at the coalface, taking customer calls, running a customer resolution programme. It’s really important to really understand what it all means.”
Craig McDonald is the CEO and founder of MailGuard, a leading Australian technological innovator providing complete enterprise-grade protection against email and web security threats such as phishing and malware, spyware, viruses and spam
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.