An economic downturn and the Covid-19 pandemic are adding new challenges to hiring for crucial cybersecurity roles, exacerbating an already difficult job market.
The cybersecurity talent gap grew by 26.2% over the past year, with around 3.4 million unfilled jobs worldwide, according to a new study from (ISC)2, a nonprofit professional organization that offers cybersecurity certifications.
Seventy percent of around 11,000 cybersecurity practitioners and decision makers surveyed by (ISC)2 said their companies don’t have enough cybersecurity staff to be effective. Almost half said their teams didn’t have enough time for proper risk assessment and made oversights in certain procedures because of staff shortages, according to data released Thursday.
With economic pressure this year, there is a risk that some companies will view cybersecurity as an expense instead of as crucial for protecting businesses, said
(ISC)2’s chief executive. “We really need to move to a place where cybersecurity is considered a strategic imperative,” she said.
While the cybersecurity labor shortage increased, the number of people working in the area grew by around 11% globally over the past year, or a total of around 464,000 new professionals, (ISC)2 found.
Compensation can be a barrier to filling cyber jobs, said
chief information security officer at French sportswear and equipment retailer Decathlon SA. “Cybersecurity experts know how much they’re worth on the market. They also know how desperate we are as a company,” he said.
Decathlon has become more flexible and creative in its search for cybersecurity staff and hired 26 employees last year and more than 30 so far in 2022, Mr. Illikoud said. One store manager in Spain with no cybersecurity experience approached Mr. Illikoud last year seeking advice on how she could enter the field. The company paid for evening classes and hired her as a cybersecurity officer managing four people, he said.
One potential silver lining of an economic downturn is that companies might be more willing to hire entry-level cybersecurity staff and offer them training, Ms. Rosso said.
Regulatory requirements could force companies to invest more in cybersecurity, Ms. Rosso said, referring to the Securities and Exchange Commission’s recent proposals. The draft rules include a requirement for companies to disclose which board members have cyber expertise.
Many corporate cybersecurity leaders hire staff from other internal teams and offer specific training if they need it.
“Maybe we can just find good engineers and teach them,” said
which operates the New York Stock Exchange.
Mr. Pugh said hiring cybersecurity experts is a long game, and initiatives to expand the talent pipeline could yield results years down the line. Intercontinental started working about a year ago with an Atlanta-based nonprofit that trains people from nontraditional backgrounds in technology and cybersecurity skills. The company hired three students who finished the program after coming from jobs cleaning houses and working in physical security. “My dream is maybe one of these students will be the CISO one day,” he said.
Training employees requires companies to invest time and support, and many struggle to keep up. Thirty-eight percent of professionals surveyed by (ISC)2 said that because of staff shortages, their teams didn’t have time to train each new hire.
Companies struggle in particular to hire experts for technical roles in security engineering and cloud security, said
CISO at accounting software firm
“In a year’s time, it’s going to be worse than it is today, harder than it is today. We’re all going to be chasing the same midcareer veteran,” he said.
At investment management and insurance company
several members of the cloud security team moved from the company’s technology group, said CISO
Employees in Principal’s tech team are showing more interest in moving to cybersecurity than they have in the past, she said.
Ms. Anderson said she has adapted to job candidates’ requests since the pandemic. Around 43% of Principal’s cybersecurity team is now remote, up from roughly 20% before the pandemic, she said.
“There’s a lot of discussion around this talent gap in cybersecurity, but I have people constantly saying ‘how do I get into cybersecurity?’” she said.
Write to Catherine Stupp at Catherine.Stupp@wsj.com
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8