Mo Ahddoud: “The cybersecurity skills shortage”


Share this content


Implementing a cybersecurity strategy isn’t easy. If it was, the world would be a lot more secure! Unfortunately, the reality is that many organisations struggle to put their plans into practice.
But there is hope. Your business has a plan, a blueprint to make itself more secure.

In this series of articles, and the accompanying guide of actionable steps you can take, Mo Ahddoud, CEO, Chameleon Cyber Consultants will look at the challenges of effective strategic implementation.

In the first piece, Mo looked at common implementation mistakes that organisations make with their cybersecurity strategy. Now, he’ll examine an industry-specific challenge that plays a large part in one of those mistakes: Namely, that organisations lack the right in-house resources because of a global shortage of cybersecurity professionals.

Is there a cybersecurity skills shortage?

In short, yes. There are at least tens of thousands of jobs available in the UK cyber skills sector, with the gap between job availability and jobs being filled continuing to grow.

Despite a general trend showing workforce shortages, recruiting cybersecurity employees into your organisation is uniquely challenging. Younger generations lack knowledge about and interest in the sector, leading to lower recruitment of graduates than in other industries.

On top of recruitment challenges, only 29% of employees in cybersecurity consider themselves to be very satisfied with their job. This is considerably lower than the average across all sectors, leading to a high number of resignations and going some way to explaining the shortage.

The scarcest skills in the cybersecurity industry

With fewer workers trained in cybersecurity, it can be challenging to find employees with the necessary skillset to protect your company from intrusion.

A 2022 Ipsos report into the UK cybersecurity sector found that companies are struggling to fill a variety of roles, including analysts and testers.

Analysts are among the most common in-demand roles, while penetration testers were the most common specialist role facing shortages. Crucially, these roles serve a wide range of organisations; many smaller businesses won’t have any need to hire software developers, but every company will want to make sure they are as secure as possible.

Even then, I’d say nine times out of ten for the businesses we work with, it isn’t worth them hiring someone full time. What would most benefit them is having access to the right level of expertise when they need it. This isn’t just in skilled technical roles either.

Leadership positions are among the generalist roles that over half of businesses have found it difficult to fill. The skills these businesses lack are often around developing and implementing strategies, integrating technology and establishing effective business-as-usual activities.

How the cybersecurity skills shortage affects your business

Security breaches are becoming more common, with smaller businesses increasingly finding themselves as the target of cyber-attackers. The skills shortage in the industry means that organisations who lack the right cyber resources find it difficult to secure their perimeter and are underprepared for recovering from a breach.

If you can find the right people, those employees with the necessary training and skills expect higher salaries, putting them in a stronger position to negotiate their pay. Workers in the cybersecurity sector earn twice as much as the average wage across other sectors.

When combined with the costs of enlisting a recruitment agency, hiring cybersecurity staff on a full time basis puts a significant dent in your budget. This is why many businesses are turning to outsourcing models that allow them access to the right expertise as needed.

What’s being done to tackle the cybersecurity skills shortage?

77% of businesses identify cybersecurity as being a high priority issue – and for good reason. Despite a challenging outlook, there are initiatives aiming to combat the scarcity of skilled cybersecurity professionals.

Microsoft is addressing the cybersecurity skills shortage by helping more women join the industry. Identifying that only 17% of cybersecurity workers are female, Microsoft has created a partnership to recruit and train more women.

Meanwhile, EY is meeting cybersecurity needs by partnering with colleges and universities to attract younger generations with the desired qualifications and skills. Educational partners could provide a stream of recruitable graduates, helping to tackle the skills shortage in your business as well.

The UK Government has partnered with cybersecurity firm, SANS Institute, to develop an upskilling program, identifying that it is cheaper for companies to promote from within than hire externally. Through such programs, IT staff are being equipped with cybersecurity skills – avoiding loss of talent and securing higher retention rates.

Despite the shortages, there are solutions

The initiatives above are a sign that organisations are working to address the lack of expertise in the industry. While your business may not be able to cherry-pick the very best security personnel for every vacant role, by understanding what skills are most in demand and where your needs lie, you can prioritise filling the most important positions.

Typically, if you’re looking to spearhead a significant implementation, these roles will be towards the top of your organisation. Outsourcing is growing in popularity as a solution, particularly for senior roles. We expect this trend to continue.

Allowing businesses to invest only in the expertise they need, rather than hiring someone without a clear idea of the workload that role would have, helps keep costs down.

Recruiting for leadership positions can be especially difficult but finding the right security partner can give your organisation a fresh external perspective as well as a flexible pricing model.

This is why we felt our CISO-on-demand offering could help businesses by providing experienced leadership without the costs of recruiting and retaining such a senior position, on a full time basis.

We’ll cover prioritising the right roles in our next article and, until then, you can check out our actionable guide of further practical steps to enhance your business’s security today.

Receive the latest breaking news straight to your inbox