The growing IT skills gap continues to stifle the global economy. As demand for skilled professionals outstrips supply, government and business alike are unable to achieve their desired growth brought about by successful adoption of technology.
There is a growing subsector within the IT skills gap which now presents a far more dangerous risk, cybersecurity. Unless the growing skills void is addressed, the increasing prevalence and severity of cyber-attacks present a credible threat to individuals, organisations and perhaps entire nations.
How serious is the threat?
There are individuals who might scoff at the idea of a single cyber-attack threatening an entire nation. That the cybersecurity skills gap is a real issue, I’d call them the unaware. ISACA, global leaders in information security guidance and creators of the new CSX Practitioner certification have pulled together a series of research studies to highlight the dangers.
The cost of the cybersecurity skills gap
In a recent research study from Juniper Research, it’s estimated that the cost of cybercrime will reach $2.1trillion globally by 2019. That’s four times the estimated cost in 2015. A figure that happens to be significantly higher than the yearly GDP for 230 of the 238 countries listed on the CIA’s World Factbook. Financial losses on this scale are enough to bankrupt a nation who’s GDP sits below this threshold. At the very least, it would plunge a nation’s economy into financial freefall. The repercussions of which could last a generation.
It’s not just countries that are at threat. According to the same research study, the average cost of a single data breach will reach $150 million dollars by 2020. TalkTalk, a UK telecoms company, is reported to have lost 101,000 customers and suffered costs in excess of $85 million dollars following a security breach in October, 2015. This single breach places a once successful company of the brink of financial ruin. All this, the result of a lack of cyber security knowledge.
It’s not just hearsay, 97% of security professionals surveyed in ISACA’s 2015 APT study believe advanced persistent threats (APTs) represent a credible threat to national security and economic stability.
The likelihood of cyber-attacks affecting you
Most individuals and organisations adopt the ‘it will never happen to me’ mind-set when thinking about cybercrime. This attitude within business is exactly the type of behaviour that results in cybercriminal carrying out a successful attack.
The reality of how many individuals and organisations have been the victims of a cyber-attack is actually shocking. The Digital Crimes Unit at Microsoft reports that 50% of online adults were the victims of cybercrime in the past year alone. Many of these indviduals are still unaware their data has been stolen, that their personal details are being sold on a black market for user data. The same report highlighted that one in five small to medium size businesses have been targeted by cybercriminals.
Looking at these numbers, it’s only a matter of time before the sites are set on you. Is your cyber security knowledge up to spec to protect you, or your organisation from these attackers?
How big is the cybersecurity skills gap?
The stats paint a bleak picture. The impact of cybercrime is vast and the future is bleak. So, if we are to close the cybersecurity skills gap, what’s the challenge? Again, it’s huge, demand for cybersecurity professionals is 3x the growth of the overall IT jobs market and 12x the overall jobs market. To make matters worse, a study from US News and World Report states that demand for cyber security professionals is growing at a rate of 36.5% through to 2022.
If supply fails to meet this growing demand, we’re looking at an industry wide shortfall of 2 million cybersecurity professionals by 2019. 64% of organisations now believe that fewer than half the applicants for open security roles have the skills necessary to fulfil the role. This is causing delays of up to 6 months for organisations looking to recruit qualified cyber security professionals. This leave these organisations vulnerable to attacks.
How do we fill the cybersecurity skills gap?
Organisations are increasing turning to training programs, like ISACA’s Cybersecurity Nexus program, in a bid to up-skill current employees to the level required to protect their organisation.
However, the reality is clear, there needs to be a serious step change. If real change is to happen, we must go back to grass roots and look at the approach to cybersecurity in the education system. If governments were to introduce cybersecurity as part of the curriculum, it would promote awareness and encourage more children to choose cybersecurity as a career pathway.
The next step is for government and business leaders to recognise and react to the dangers. Thankfully, this is already happening with the UK leading the way. In November 2015, Chancellor George Osbourne announced that the UK government is planning a £1.9 billion investment in cybersecurity over the next 5 years. Effectively doubling the existing financial investment. Alongside this, business leaders and managers must be willing to recruit less skilled applicants. Before bringing them up to speed through cybersecurity training.