(ISC)2: Europe Most Aggressive in Closing Skills Gap
European organizations are planning the fastest rate of cybersecurity hiring in the world, with 38% of hiring managers in the region wanting to grow their workforce by at least 15% in the next year.
That’s according to the 2017 Global Information Security Workforce Study, conducted by (ISC)2, which found that two-thirds of organizations currently have too few cybersecurity workers. Overall, the region faces a projected skills gap of 350,000 workers by 2022.
Hiring managers identified that they are relying on their social and professional networks (48%), followed closely by their organization’s HR department (47%), as their primary source of recruitment. Almost all (92%) of hiring managers admit they prioritize previous cybersecurity experience when choosing candidates. But the report calls for employers to do more to embrace newcomers and a changing workforce, to draw from a broader pool of talent.
This is backed by findings that show that workers with non-computing related backgrounds account for nearly a fifth of the current workforce in Europe, and that they hold positions at every level of practice, 63% at manager or above.
Strong recruitment targets, a shortage of talent and disincentives to invest in training also are contributing to the skills shortage. The report describes a revolving door of scarce, highly paid workers amidst a non-existent unemployment rate of just 1% in Europe. Organizations are struggling to retain their staff, with 21% of the global workforce stating they have left their jobs in the past year, and facing high salary costs, with 33% of the workforce in Europe in particular making more than $100,000 per year.
“The combination of virtually non-existent unemployment, a shortage of workers, the expectation of high salaries and high staff turnover that only increases among younger generations creates both a disincentive to invest in training and development and a conundrum for prospective employers: how to hire and retain talent in such an environment?” states the report.
The demand is set against a broad range of security concerns which continue to develop at pace, with the threat of data exposure clearly identified as today’s top security concern amongst professionals around the world. Concern over data exposure reflects the advent of new regulations aimed at enhancing data protection around the world, including Europe’s General Data Protection Regulation (GDPR), to be in force by May 2018.
The report also found a discrepancy between the skills recruiters are looking for and workers’ priorities for developing a successful career, suggesting skills sets may not be keeping pace with requirements. Currently, the top two skills workers are prioritizing include cloud computing and security (60%), and risk assessment and management (41%). Meanwhile, employers prioritize looking for communication (66%) and analytical skills (59%). Only 25% and 20 % of workers are prioritizing communication and analytical skills respectively.
“There are real structural concerns hampering the development of the job market today that must be addressed,” said Adrian Davis, MD, EMEA at (ISC)2. “It is particularly concerning that employers appear reluctant to invest in their workforce and are unwilling to hire less-experienced candidates.”
Some postulated that if we cannot be prepared to develop new talent, we will lose our ability to protect the economy and society.
“News of a huge gap in cybersecurity experts in Europe by 2022 is at best concerning and at worst societally destructive,” said Claire Stead, online safety expert, Smoothwall, via email.“Hospitals, schools, businesses and governments will all feel the effect of a depleted cybersecurity force if this hole isn’t filled properly. As technology becomes an increasingly important and prevalent staple of society, threat actors will constantly find new ways of hacking the system—which is why cybersecurity experts are the girders that keep up the cyber-web structure. Without the adequate number of cyber-experts, security breaches may well become the norm for our National Health Service, businesses and elections.”
Source: Information Security Magazine