How the Private Sector Can Close the Cybersecurity Workforce GapApril 16, 2020 | By Wayne O'Neill
Because cybersecurity is an emerging practice in the private sector, many organizations have yet to fully embrace the need for cybersecurity initiatives to protect their valuable data and technology assets. This includes not investing as much as is needed in the cybersecurity workforce.
What we have found is that many businesses downplay cybersecurity — until they are directly affected. Some of the comments we have come across include: “cybersecurity is a government matter,” “we haven’t been affected by a cyber attack, so this doesn’t apply to us,” or “we have more pressing matters than cybersecurity.”
The reality for today’s organizations is that cybersecurity is not just a government matter, it’s not a matter of if — but when — your organization will be impacted by a cyber attack, and this is a pressing matter.
- U.S. Council of Economic Advisors: Malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. [Full Report]
- Juniper Global Research: On a global scale, the damage in 2019 was estimated at $2.1 trillion. According to Cybersecurity Ventures, the damage could increase to $6.1 trillion in 2021.
- Accenture Cost of Cybercrime Study: The average cost of cybercrime for an organization increased to $13.0 million in 2018. [Full Report]
- Accenture: The frequency of cyberattacks grew by 11 percent in 2018.
Cyber attackers see access to information as a valuable treasure. And, organizations that leave their technology systems exposed are running a great risk of having their data stolen, compromised, or held ransom.
The more of a threat that information theft becomes, the greater the need for cybersecurity education, new cybersecurity technologies, and finding qualified cybersecurity professionals to support your organization to ensure a strong defense against new and emerging cyber threats.
The Need for Cybersecurity Vigilance for the Private Sector
A key reason why cybersecurity has remained at an immature stage is because many organizations do not have a mechanism for accounting for unseen threats. At least, not until the threat arrives at the front door and suddenly the impact is felt.
To further add to the point, the Council of Economic Advisers, who released the “Cost of Malicious Cyber Activity to the U.S. Economy” report cited above, made an interesting observation about how the private sector generally approaches the threat of a cyber attack:
“Cyberattacks and cyber theft impose externalities that may lead to rational underinvestment in cybersecurity by the private sector relative to the socially optimal level of investment.”
In other words, the threat is real, but how are private sector organizations supposed to justify the investment and expenditure in a cybersecurity defense until there is a clear and evident threat?
This scenario presents a challenge for many organizations in the private sector to reset their thinking. It’s about taking a proactive approach of investing in systems, technology, and people now to prevent a major incident rather than not spending now and paying a much bigger price down the road.
Organizations are starting to take the right steps, as Morgan Stanley estimates that cybersecurity spending will more than double from 2015 to 2020 to $128 billion. However, according to their report, “spending on these products will remain below spending on other IT hardware, software, equipment, and services.”
Even though spending is increasing, there is still a lot of catch-up that needs to happen. The gap in cybersecurity investment when compared to other IT resources and infrastructure is significant, and organizations need to continue to close this gap. But how?
Invest in Training the Cybersecurity Workforce
We recognize that one of the constraints for the private sector is finding talent to support cybersecurity initiatives. Even if we wanted to build a strong defense, where do we find the right talent for critical positions?
There is no denying a significant gap in the number of cybersecurity workers available and the actual work that needs to be performed. There simply aren’t enough qualified cybersecurity professionals available in the market to fill the need for the private sector.
It’s a pressing matter for organizations that need more skilled cybersecurity leaders and talent to come into their organization and provide security and support to protect critical data and digital resources.
We have found that one of the best ways for organizations to close the cybersecurity talent gap is partnering with colleges and universities to invest in on-campus cybersecurity training programs.
This way, organizations can run scenarios of their own cybersecurity issues in a simulated environment to perform testing. They can also build a pipeline of educated talent to join their cybersecurity defense team after graduating from college.
Work With Reset to Close the Cybersecurity Talent Gap
At RESET, we work closely with the private sector and colleges/universities to facilitate the development of cybersecurity training programs, ultimately helping to close the gap between organizational need and available talent.
Through our Cyber Range Concierge service, we deliver a connection between higher education and the private sector to create an environment of collaborative work. The result is the creation of virtual environments that enables organizations to train and test for cyberwarfare.
It’s a test bed where security experts can validate hardware, software, and networks for security vulnerabilities. College students play a key role in actively participating in test scenarios and simulations to receive hands-on experience in the cybersecurity field. Students gain access to valuable, hands-on training that will prepare them to enter the cybersecurity field, which in turn creates a talent pipeline to private sector organizations.
The benefit to higher education is that by connecting organizations to students, there is an opportunity to introduce attractive new degree programs that provide a clear and promising career path out of college, while funneling these talented individuals into the private sector, where cybersecurity professionals are desperately needed.
We are actively involved in the process by helping connect higher education and organizations to create testing grounds and increase the value of degree programs. This collaborative approach is a critical piece of the puzzle to address the cybersecurity workforce challenge facing the private sector.
To learn more about utilizing our Cyber Range Concierge service to address your organization’s cybersecurity workforce needs, contact us today. We are ready to help strengthen your organization’s cyber defense against unwarranted attacks.