The top three challenges organisations face when hiring for cybersecurity are pay expectations, missing skills and competition.
The vast majority (90pc) of cybersecurity leaders say that the skills gap has affected their ability to implement their cybersecurity strategy.
That’s according to a new study by recruitment company Hays. The report looked at how more than 1,000 cybersecurity leaders and organisations across the world are coping with the skills gap that continues to affect the sector. It was carried out in the latter months of 2022.
The survey spans 29 different countries and looks at internal challenges, such as hiring and retaining cybersecurity staff, and external challenges, such as global events.
In terms of the skills employers need, cloud security came out as the most in demand. This was followed by governance, risk and compliance, security architecture and engineering, and security information and event management (SIEM) or security operations centre (SOC) skills.
When it comes to hiring talent, the top three challenges organisations faced were salary expectations, missing skills and competition from other recruiters.
Another challenge they faced was the lack of experienced candidates looking for work. More than half (56pc) of leaders said they would hire somebody without formal IT security accreditations, while 66pc did not rate their organisation’s ability to attract high-calibre talent.
According to the survey, as many as 72pc of leaders said they believe that recent global events have had a major or moderate effect on their company’s cyber risk profile.
Increased awareness of staffing challenges
However, some findings indicated that leaders and their employees are, at the very least, aware of the challenges they must overcome in an industry that is afflicted with a skills shortage.
Nearly three-quarters (71pc) of leaders said that their organisation invested in training and upskilling programmes for employees. Upskilling was the number one strategy that leaders identified as their method for solving the skills crisis.
Other methods being deployed are cross-training partnerships, university outreach and partnerships with recruitment firms.
How companies try and retain employees also featured in the report. Remote and hybrid working, workplace wellness programmes, flexible hours and good career progression opportunities are all ways leaders are enticing employees to stay.
Overall, Hays found that more than three-quarters of those surveyed (77pc) said that security awareness in their organisation was greater than it had been three years ago.
Commenting on the report, James Milligan, global head of technology solutions at Hays, acknowledged that recent events had led to an accelerated pace of digital transformation and more pressure on cybersecurity teams.
“While it was already becoming a necessity for the vast majority of organisations, recent events have meant that the rate of digital transformation has accelerated over the last three years. That means an increase in data management, while hybrid and remote working means that workers need secure access to their employers’ servers.”
Milligan pointed out that these changes “have afforded threat actors greater opportunities to exploit organisations and infrastructure than ever before”.
“All of this has meant that the demand for people with cybersecurity skills has increased. However, as this outweighs the supply of people with experience or accreditations in cybersecurity, it’s not always straightforward to fill those roles.”
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.