A massive shortage of cyber security workers plagues IT departments around the world in every industry, and it’s an uphill battle that will only escalate.
Between 2010 and 2014, the demand for cyber security workers grew three times more than the supply of professionals capable of filling those roles. More than half of organizations wait up to six months to find qualified security candidates, while 84 percent employ workers in cyber security roles who are not fully qualified.
The gap between the supply and demand for cyber security experts will only continue to widen on both ends. Companies will expand and new ones will form, adding servers, networks, mobile devices and a host of other ways for a growing army of hackers using a wider array of tactics to gain access to data and operations.
But the supply of professionals capable of protecting IT networks is well short of today’s needs and would need to grow exponentially to meet demand in the next five years and beyond. That will be an overwhelming challenge considering that less than 2.4 percent of college students graduate with computer science degrees, despite these jobs paying 85 percent more than the national median wage.
In fact, by 2019, the cyber security talent shortage could reach 2 million.
The best way to minimize the gap is to invest in IT security training. Companies should strongly consider providing incentives for their existing IT staff to add cyber security to their knowledge and skills, including paying the costs to complete training. At the same time, they should also do what they can to encourage professionals to join their firms with the potential of training them to fill those jobs.
And because the tactics used by hackers quickly evolves, cyber security training must be an ongoing endeavor.
This may sound like an expensive investment, but the alternative is an organization becoming increasingly vulnerable to breaches, the average cost of which will grow to $150 million by 2020.
Many companies fear that if they spend considerable time and money on cyber security training and development, employees will take those newly acquired skills elsewhere, especially given the high demand. However, training actually can increase employee retention, when the training reinforces the value of the employee.
Also, cost is the largest barrier to training, so helping employees cover the expense will do a lot to add available workers. Better training will also open the lucrative cyber security market to job seekers without prior technical experience. It will also allow current cyber security professionals to advance in their careers by providing them more opportunities to learn challenging niche skills.
Finally, to ensure that investment in training is creating qualified experts, companies should look for training opportunities that are hands-on, intensive, and that immerse students in the methodologies and application of hacking concepts, techniques, and tools. Training and certifications should enable students to demonstrate that they can perform the skills needed to be effective on the job when an IT security threat or crisis occurs.