Europe’s increasing shortage of skilled cyber security workers poses a significant risk to both businesses and citizens alike.
The latest report from (ISC)2 saw just under two-thirds of European employers stating that they are struggling to find cyber security staff. No matter the size of the business, the recent Cyber security workforce study 2019 discovered that survey respondents pointed to a talent shortage as being their number one concern, and just over half reported that they feared their organisation was at either moderate or extreme risk as a direct result.
The varied nature of cyber security work, coupled with its rapid growth in recent years, makes these hiring difficulties understandable. The UK government, in its Initial national cyber security skills strategy policy paper, acknowledged that the ‘rapid development has led to a fragmented narrative around cyber security skills and a lack of coherence between the different specialisms’.
Many employers prefer to buy ‘ready-to-go’ talent, rather than build skills internally. This key problem may appear attractive in the short term but only encourages the skills shortage and as such is costly in the long run. Recent data shows that more than half of all UK businesses and charities (54%) have a basic technical cyber security skills gap, demonstrating the necessity of shifting the focus to building talent.
Experis has identified four key strategies organisations should use to help develop the workforce of tomorrow. With cyber security workers in such short supply, it is crucial that HR leaders no longer solely focus on buying new skills as needed. Rather, a complete workforce strategy must be developed which combines the four elements outlined below, creating a Total Talent Management approach.
Build – Invest in learning and development for existing employees
Upskilling is scaling up. Promoting a culture of learnability throughout an organisation is critical to success in this digital age. By 2022, over half (54%) of employees will require significant reskilling and upskilling. To truly compete in today’s market and boost the cyber security workforce, companies need to promote a culture of learning by taking steps such as providing career guidance, offering short, focused upskilling opportunities as well as identifying and nurturing talent with transferable skill sets.
Buy – Go to market to attract the talent that cannot be built in-house
79% of employers currently plan to buy the skills they need, either paying higher market prices when recruiting externally or improving compensation for existing staff. Companies are happy to pay more for sought-after skills; however, the challenge comes when those skills are not available. Then the only option is to build.
Borrow – Cultivate communities of talent beyond the organisation
Digitisation has created new ways of working and new generations of workers who are increasingly open to flexible work approaches. To attract, retain and motivate NextGen cyber security workers, companies need to address any existing disconnect by being more open to offering alternative ways of working.
Bridge – Help people move on or move up to new roles
Bridging requires tools including assessment, big data and predictive performance to define adjacent skills, identify strengths and help workers create clear career paths. Companies need to prioritise the fair treatment of workers and ideally offer support to move on to new opportunities elsewhere if an employee’s specific skills are no longer required.