4 ways firms can reduce the cybersecurity skills gap

Organisations are currently facing a significant crisis — the cybersecurity skills gap. According to the World Economic Forum, the global economy requires 3.4 million cybersecurity experts, but organisations are struggling to fill that gap. The ninth annual research report, State of Cybersecurity 2023, from cybersecurity association ISACA, revealed that in India alone, over 40% of enterprises reported being understaffed in their cybersecurity teams. This skills gap is leaving businesses vulnerable to more attacks. 

However, experts believe that there are ways to reduce the gap between the demand for skilled cybersecurity professionals and the available talent pool. These solutions include exploring the outsourcing of cybersecurity services, establishing better partnerships with vendors, leveraging advances in technology, and investing in training and upskilling. 

1. Reliance on AI/ML 

Another innovative solution that has emerged from the skills gap is a greater reliance on automation and machine learning (ML) in cybersecurity operations as these technologies can automate routine tasks and enhance the capabilities of existing staff. 

“AI-driven security solutions can analyse vast datasets in real time, identifying anomalies and potential threats faster than human operators. AI-powered machine learning models can also automate threat response, reducing manual intervention and response time,” said Samir Kumar Mishra, Director, Security Business, Cisco India & SAARC.  

Mishra further said, by integrating AI into their cybersecurity strategies, organisations can strengthen their defense and respond more effectively to evolving threats. Besides, it elevates the burden on cybersecurity teams by reducing reliance on human resources for repetitive and mundane tasks. This enables security professionals to dedicate their time and expertise to tackling more intricate and complex security challenges that require human judgment and critical thinking. 

2. Investing in security upskilling 

Experts believe that by prioritising training and upskilling programs, organisations can address the skills shortage. The threat landscape is constantly evolving, and staying updated with the latest knowledge and techniques is essential for effective defense against cyber threats. Moreover, by offering training opportunities, organisations can attract top talent and retain skilled professionals, creating a positive cycle of growth within the organisation. 

Sandeep Rai Sharma, Lead — Security, Advanced Technology Centers in India, Accenture, believes that the skills set required for modern cybersecurity professionals are two-fold. On the technical front, expertise in areas like cyber defence, managed security services, security architecture, networking, virtualisation software, cloud security, risk assessment, authentication technologies, and security attack pathologies is vital.

“In addition, soft skills such as analytical thinking, adaptability, and the ability to demystify and communicate intricate threats to a broader audience are important,” he emphasized. 
"Promoting internal hiring and cross-functional collaboration is another valuable strategy. Bringing in individuals with diverse backgrounds and skill sets, even from outside traditional security roles, can act as a force multiplier," said Lena Smart, Chief Information Security Officer at MongoDB. These professionals can offer fresh perspectives and innovative approaches to security problem-solving, enriching the capabilities of the security team. 

The scarcity of skilled cybersecurity professionals cannot be resolved overnight, and developing cybersecurity talent takes time and effort. Nevertheless, experts believe by embracing innovative solutions and fostering collaborative efforts, organisations can successfully navigate the cybersecurity skills gap and ensure the protection of their critical data and systems. 

3. Open and transparent communication

Maintaining open lines of communication between employees is critical to supporting a strong culture. Daryush Ashjari, VP APJ SE Sales at Nutanix, believes that cybersecurity professionals must blend technical skills like threat intelligence and risk assessment with soft skills such as critical thinking and effective communication to future-proof their careers. 

Effective cybersecurity leadership plays a critical role in managing cybersecurity risks, as they can improve risk management by developing and enforcing cybersecurity policies and procedures to ensure that all employees are following cybersecurity best practices. However, it is not just top management that needs to participate in ongoing and transparent communication. IT and organisational leaders, as well as HR and learning and development staff, need to stay in touch with employees to understand their changing needs and interests, Ashjari said. 

4. Partnering with vendors 

To overcome the talent shortage, it is crucial to find vendors that closely align with an organisation's goals and demonstrate a commitment beyond mere transactional engagements. Forging partnerships with vendors that not only offer technology solutions but also actively involve themselves in solving challenges can prove to be a transformative approach, believe experts. 

"Today, security leaders are seeking vendors who embrace a consultative role, going beyond selling solutions and focusing on understanding the organisation's unique needs. A successful vendor relationship should prioritise adding substantial value to the cybersecurity strategy," Rakesh Ravuri, chief technology officer and senior vice president (SVP) — engineering at Publicis Sapient, said. 

While efforts such as partnerships, upskilling, and the use of technology to reduce the skill gap are already underway, the paucity of talent continues to remain, even as staffing firm TeamLease’s data projects the domestic cyber security sector to grow at 8% annually, to be worth $3.5 billion by 2027.