The world is lacking 3 million cybersecurity professionals, according to the latest report by the World Economic Forum (WEF). “There is an undersupply of cyber professionals—a gap of more than 3 million worldwide who can provide cyber leadership, test and secure systems, and train people in digital hygiene,” it said.
A sustained dearth of cybersecurity professionals could eventually impede “economic growth”. The report acknowledged that new endeavours to “democratize” cybersecurity, such as furnishing security risk management tools free of cost, may benefit small companies and other organizations to some extent.
However, “there are concerns that quantum computing could be powerful enough to break encryption keys, which poses a significant security risk because of the sensitivity and criticality of the financial, personal and other data protected by these keys. The emergence of the metaverse could also expand the attack surface for malicious actors by creating more entry points for malware and data breaches”, it said.
This gives rise to the demand for cybersecurity professionals. “Security consulting services, which include planning of cyber security strategies, policy development, and building security architecture, are expected to grow at a compound annual growth rate (CAGR) of 12.2% over 3 years to become a market worth $157 million by 2022,” said a PWC report.
“The security implementation services market in India is estimated to increase from $221 million in 2019 to $320 million by 2022, at a CAGR of 13.2%, given that drawing up effective cyber security strategies depend on successful security implementation,” it said.
According to the Data Security Council of India, “the most advertised security job is ‘Analyst’. However, there is a significant demand for security operations, threat management, security management, identity and access management.”
However, enterprises are struggling to find talented security professionals.
In 2021, Sophos found, “67% of companies are having difficulty staying up to date with their cybersecurity environment and in-house skills are an important consideration in helping organizations tackle this issue”.
“Unfortunately, 59% of businesses agree that their company’s lack of cybersecurity skills is challenging for their organization, a marginal 3% improvement from 2019’s 62%,” it said.
“Security is not just about mastering technology but the contextual application of it. The key is knowing the environment and applying appropriate controls. Enterprises look for professionals who have knowledge of both and often find it difficult to get the right mix in a professional,” said Yask Sharma, CISO, Indian Oil Corporation Limited.
The issue largely is that no amount of cyber security professionals from outside can fix cyber security. “Cybersecurity is a culture that you have to develop within your organization. No external products or engineers can help with that as every engineer needs to be trained with this skill and most Indian engineers are hardly trained on this front and many do not understand the concept of privacy, though some may understand cyber security,” corroborated Srinivas Kodali, researcher, Free Software Movement of India.
The evolving and ever dynamic cyber threat environment needs highly agile and up-to-date cyber professionals to protect enterprises. “With a plethora of technologies and evolving domains, finding the right fit is a huge challenge and there is a large demand versus supply gap in the talent market. Structured and planned upskilling of existing cyber teams on selected areas, especially cloud and data security, can help organizations stay ahead of the curve,” pointed out Samir Khare, vice president, cybersecurity, APAC, Capgemini.
The solution is simple but time-consuming — either internal organic growth or long-term contractual engagements. “The attackers are hitting where it hurts the most and they spend a lot of time in finding the spot and, therefore, the defenders need to know their areas better than the attackers,” Sharma said.
This phenomenon, however, is a silver lining for comparatively smaller cyber security businesses as they are seeing a greater than ever spike in demand. “With most employees working from home, the number of cyberattacks have increased around 300% in the last year alone. With our interaction with the CISOs/ CIOs community, we hear if they need 10 cybersecurity professionals in a team, they currently have three, which is 30% cybersecurity experts in their team,” said Sandip Kumar Panda, co-founder, and chief executive officer at Instasafe Technologies.
“Mid-size and small organizations who do not have cyber experts in their teams are now outsourcing their security services to various cyber security vendors. So, the need of the hour is how SMEs and enterprises work closely and fill this gap,” he said.