It is now well established that any entity, whether an organization or an individual, is vulnerable to cyberattacks. Evidently, cyber security is booming. As per Inkwood Research, the global cyber security market is expected to register a CAGR of 9.82% during 2023-2032 and is estimated to garner $52761.19 million by 2032. The industry has managed to stay afloat despite the massive layoffs in the tech industry and the economic downturn. For instance, according to the ‘2023 ISC2 Cybersecurity Workforce Study’ by ISC2, an eminent non-profit member organization for cyber security professionals, the global cyber security workforce has reached 5.5 million.
However, here’s the catch – only 52% of cyber security professionals believe that their organization has the necessary people and tools to respond to cyber incidents. Thus, it is discernible that the skills gap is a pressing issue in cyber security that needs urgent addressing since it affects the IT industry and society alike.
How Wide is the Skills Gap in the Cyber Security Market?
According to Cyberseek, for every 100 cyber security jobs, only 72 cyber security workers were available from September 2022 to August 2023. In addition, cyber security roles take 21% longer to fill than other IT jobs. Meanwhile, as per Cybersecurity Ventures, the cyber workforce shortfall stands at around 3.5 million.
The top three skill gaps evaluated at an organizational level include Zero Trust implementation, artificial intelligence/machine learning, and cloud computing security. The following section will expound on the Zero Trust and cloud computing security skills gap in the cyber security market.
- ‘Zero Trust’ falls shy of Trust
A July 2020 survey by Deloitte on the Zero Trust model implementation by organizations found that the lack of skilled workers topped the challenges list at 28.3%. Zero Trust is a security model that prevents organizations from placing trust in anything, whether outside or inside their network perimeters. Instead, it authenticates and verifies every device and user before granting access.
Furthermore, on 26 January 2022, the United States Office of Management and Budget (OMB) released the federal strategy to move toward a ‘Zero Trust’ approach to cyber security.
Says Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency (CISA), “As our adversaries continue to pursue innovative ways to breach our infrastructure, we must continue to fundamentally transform our approach to federal cybersecurity. Zero Trust is a key element of this effort to modernize and strengthen our defences.”
At the same time, only 35% of organizations have fully implemented their Zero Trust strategy, according to the Microsoft 2021 Zero Trust Adoption Report.
Implementing Zero Trust is a technical and design challenge, necessitating a solid integration of each level of the organization with the end-user. Establishing a reliable foundation for Zero Trust, with ongoing visibility, provides a consistent starting point. Nevertheless, the implementation has to be tailored to each organization, as there is no general solution for Zero Trust that fits all.
- Cloud Computing Security Gap: An Ever-Growing Concern
Cloud services offer businesses better flexibility and agility, minimal expenses, and faster time to market. However, as per an IDC cloud security survey commissioned by Tenable Cloud Security, 79% of companies faced at least one cloud data breach in the past 18 months. The top cloud threats were account hijacking, unauthorized access, insecure interfaces, and misconfiguration. This underlines the need for cloud security to constantly evolve and align with emerging challenges and innovations.
At the same time, cyber security skills, particularly in cloud security, are scarce. According to The Life and Times of Cybersecurity Professionals Volume VI (2023), 7 of 10 cyber security professionals stated that their companies faced a cyber security skills gap. Meanwhile, the Tripwire and Dimensional Research August 2020 Report states that only 1 of 5 organizations assess their cloud security posture in real time. On the other hand, 22% of organizations assess their cloud security posture manually. This can lead to human errors in assessment due to the exhaustion of their security resources.
Educational Disassociation – The Prime Brute Gnawing at Cyber Security Skills Gap
Traditional education systems are no match for the evolving threat landscape of cyber security. Also, higher cyber security education can be time-consuming and expensive, deterring individuals from entering the field. At the same time, bootcamps and short-term courses seldom replace the depth of knowledge enabled by a comprehensive education.
For instance, a Peslak and Hunsinger (2019) study found that a higher education degree and professional experience were conventionally needed in the information security domain, while industry certifications were another common listing on ‘Cybersecurity Analyst’ job descriptions. Similarly, a Marquardson and Elnoshokaty (2020) study found that higher education degrees, experience, and industry certifications were representative of various entry-level cyber security positions.
This poses the ultimate question – who is responsible for educating the next generation of cyber-defenders, employers or educators? As per Kaspersky’s ‘The Cybersecurity Skills Gap: A Ticking Time Bomb’ report, two-thirds of IT professionals opined that education establishments should prepare the future generation of cyber security professionals, while 27% of professionals placed the principal responsibility on the industry to protect its own future.
Global Cyber Security Market: What will Bridge the Skills Gap?
The cyber security industry requires coordinated and concentrated efforts from education, industry, and government. More can be done at an employer level in the form of graduate and training schemes to push the younger population to enter cyber security. Industry-led initiatives in the form of course material consultations, research collaboration, and technology exhibitions can help enlighten, engage, and enthuse the next generation of cyber defenders.
By Akhil Nair
The consequences of the cyber security skills gap can be severe and include increased vulnerability to cyberattacks, data breaches, and financial losses for businesses. It can also lead to an overburdened workforce, burnout among existing professionals, and a lack of innovation in cyber security.
There are numerous career opportunities in cyber security, including roles such as cybersecurity analysts, penetration testers, security engineers, incident responders, security consultants, and ethical hackers. These roles offer a range of entry points for individuals interested in pursuing a career in cyber security.