The Truth About the Growing Cybersecurity Skill Gap

Cybersecurity is a growing industry with a prominent skill gap. The World Economic Forum noted in its January 2019 report that the United States has over 200,000 job vacancies requiring cybersecurity skills and that employers are having a tough time filling them [1]. This huge imbalance between the supply of and demand for talent makes it easier for hackers to turn the shortage to their own advantage. The data clearly reveal the shocking reality of the issue at hand. With too few of the required professionals in organizations, malicious threats now appear in very sophisticated forms, and it is important for organizations to fight back with all the help they can get.

There are two major reasons for this substantial skill shortage: a lack of required skills and organizations' underinvestment in their cybersecurity solutions. On the second point, however, a 2018 research survey by the Enterprise Strategy Group shows different data, with 92% of surveyed organizations in the United States, United Kingdom, and Australia agreeing to increase their cybersecurity budgets for the same year. The report undoubtedly proves that organizations are now taking the budget priority issue seriously [2].

Mistakes in the Past Leading Us to the Present Scenario

No cyber experts could have anticipated that the negligence in our past would lead us to where we are now—with a giant lag in the supply chain.

Digital transformation has led to more frequent use of web and cloud applications and services. This also gave rise to demand for more IT professionals. But with this rapid increase, it has become almost impossible to keep up with the latest hiring processes.

Recruiting security expertise in particular comes with a couple of other challenges. Compared with smaller firms, large enterprises have enough budget to hire cybersecurity professionals. But smaller firms are not just easy targets; they also provide a channel for intruding into the digital space of larger organizations. This is not the only reason for the workforce shortage: companies also apply a narrow, traditional set of eligibility criteria for who qualifies as a security professional. Cybersecurity skills now go beyond mere degrees, certificates, or prior experience. It is now mandatory for organizations to evolve their traditional hiring process by changing the eligibility criteria.

Reasons Demanding Attention and Leading to the Cybersecurity Skill Gap

The cybersecurity skill gap is an evident problem with various ground realities that need to be fixed. This personnel shortage has sparked numerous challenges for other professionals too.

  1. Professionals Equipped with In-Demand Skills Look for Tech-Based Companies

    Skilled cybersecurity professionals look for opportunities in either core tech companies or those with big brand names. The primary reason for this preference may be either limited exposure to other industries that depend on cybersecurity or attractive salary offers.

    Cyber threats have now reached the point where no critical data stored on or flowing over a network is secure. From retail stores to hospitals, every business should be seeking cybersecurity professionals, especially with long-term technology-inclusive objectives in mind. It is important for HR professionals in other industries to strategize appropriately to make cyber professionals aware of their job vacancies. To stay ahead of their competitors, companies should increase the tech knowledge of all their employees too.

    The latter reason, which reflects the budgetary priorities of different organizations, is also a major challenge to address. Only organizations themselves know the value of their data. So, as an organization, if you think that your data needs to be protected, then offering a fair amount to a cybersecurity professional should not be a concern.

  2. Continuously Increasing Demand

    The skill gap has now become an ever-growing mountain for its climbers, the recruiters for cybersecurity roles. Even the statistics indicate that by 2021, there will be 3.5 million unfilled cybersecurity jobs [3].

    There are times when professionals can get ahead of existing issues, but in the case of this tech crisis, the problem is already out of control. A few HR professionals take the proactive route to solve the issue by hiring newly trained talent. They hire professionals directly after graduation by putting them through company-sponsored degree programs or certifications. This approach highly benefits both recruiters and students [4].

  3. Lack of Communication Skills

    The skills of a cybersecurity professional are not limited to knowledge of the latest malware and the approaches for protecting various devices from cyber threats; they also need to know how to communicate efficiently. The management of the organization must understand the importance of cybersecurity solutions. For this, the professional needs to be able to convince management to release a certain amount of funds for tools or resources.

    Strong written and verbal communication abilities can lead the organization to set aside a fair budget for the company’s cybersecurity solutions.

  4. Judging by Duration of Previous Work Experience

    Hiring a professional based on his/her qualifications has always been considered the best practice. But in this contemporary world, the skills of a professional cover far more knowledge than his/her degree or certification shows. Organizations must value a person's knowledge rather than just limiting the selection criteria to a certain number of years of work experience. It’s time we broaden our perspective on who qualifies for a job vacancy [3].

Approaches to Get Hold of the Situation

The approaches listed below are capable of significantly addressing the cybersecurity skills shortage.

  1. Public–Private Partnership

    The public and private sectors must come together to get hold of the worsening situation. A few years ago, the former president of the United States, Barack Obama, came up with a partnership between Washington and Silicon Valley to bridge the cyberspace gap [5]. A similar but more efficient approach has been adopted by Israel. The model bridges the cybersecurity relationships between the military, other government agencies, various academic institutions, numerous cybersecurity vendors, and venture capitalists [6].

  2. Combined Efforts of Industries

    Instead of going it alone, cybersecurity and technology vendors should come together to pool their resources and talent and build effective strategies to overcome the cybersecurity skill gap. An industry-wide effort can surely minimize upcoming challenges.

  3. Establishment of Interactive Tools

    It is important that, while estimating the future industry-wide impact of the cybersecurity skill gap, we create adaptable tools to gauge long-term changes in the industry. These interactive tools can be built in collaboration with government and public agencies.

As these measures will take time to come into existence, organizations and security managers must meanwhile make individual efforts to deal with the present issue. Organizations can provide professional training to individuals aspiring to a cybersecurity career, and security managers can help organizations understand the importance of recruiting efficient cybersecurity professionals for the job.

Signs of Improvement

Recognition of the issue at the national level is already under way. From public–private partnerships to the work of the Cybersecurity Workforce Alliance on accelerating cybersecurity readiness in entry-level candidates, professionals are trying to make a difference with their efforts. But all of this marks just the beginning of a roller-coaster ride that still has a long way to go. The cybersecurity skill gap requires a more focused and solid approach.


  1. https://www3.weforum.org/docs/WEF_Towards_a_Reskilling_Revolution.pdf
  2. https://www.thehaguesecuritydelta.com/media/com_hsd/report/213/document/ESG-Research-Insights-Paper-Spirent-2018.pdf
  3. https://cybersecurityventures.com/jobs/
  4. https://www.information-age.com/recruiting-in-the-age-of-the-cyber-security-skills-gap-123476988/
  5. https://apps.dtic.mil/dtic/tr/fulltext/u2/1044745.pdf
  6. https://cyber.haifa.ac.il/images/pdf/cyber_english_A5_final.pdf
Editor's Note:
Reviewed by Don Cox, Chief Information Security Officer at MEDNAX and Claudio Cilli, Member, National Cyber-security Expert Group, Healthcare Services