The cybersecurity sector is at a crossroads, grappling with what can only be described as an existential crisis. The gap in cybersecurity skills has grown to alarming proportions, with Australia facing a shortage of 25,000 to 30,000 cybersecurity professionals in 2022.
The escalating complexity of cyber threats, showcased by the 95% increase in cloud exploitation incidents in Australia in 2022, shows the desperate need for an investment in individuals with the right mix of abilities, skills, experience, and certifications to safeguard organisations.
Despite this, the talent pool is shrinking as disillusioned cybersecurity professionals seek alternative career avenues. This has reached a point where many organisations grapple with talent retention challenges, as the demand for cybersecurity expertise far outstrips the supply of qualified professionals.
What lies at the heart of this disconnection? The answer may lie in the fact that cybersecurity does not occupy the place of prominence it truly deserves, especially at the highest levels of management. Let’s delve deeper into this issue.
It Is Lonely on the ‘Frontline’
Cybersecurity, while deemed important by the C-Suite, often does not receive the same level of prioritisation or urgency as other critical matters, such as sustainability. The role of a cybersecurity professional is inherently inequitable. Cybersecurity teams are rarely acknowledged when things are running smoothly, but they bear the brunt of customer, employee, leadership, and shareholder dissatisfaction when incidents occur. The potential financial and reputational damage only exacerbates the stress.
In a stark revelation, the Allianz Risk Barometer of 2022 declared that cyber incidents now hold the unenviable top position as the primary risk to businesses in 2023, surpassing even natural disasters, pandemics, climate change, and legislative changes.
Moreover, the public discourse surrounding AI often fails to recognise the risks introduced by these new technologies. Frameworks and best practices for AI are still in their infancy, which places a tremendous burden on cybersecurity teams to protect the business, ensure compliance, and foster innovation, all without the necessary time, resources, or influence to guide decision-makers. These circumstances render the job highly stressful.
Without adequate budgets, support, and a genuine appreciation for their work, cybersecurity professionals often feel unsupported and neglected. As the sector experiences a talent drain, it creates a void that is bound to be exploited by malicious actors. What is needed is a cultural transformation, beginning from the top.
We must reframe our understanding of the role of a cybersecurity professional, granting them broader responsibilities and emphasising how their work impacts all facets of a business. Additionally, diversifying the recruitment process to include individuals from various racial, socio-economic, and gender backgrounds, and implementing robust internship and mentorship programs, can help stem the talent drain.
Building a Culture of Security
Cybersecurity is a collective effort; the responsibility for our safety cannot rest solely on the shoulders of cybersecurity professionals. A top-to-bottom transformation in how we perceive cybersecurity is essential. Only when organisations realise that there are no distinct boundaries between our work and personal digital lives can we evolve our security posture. We must stop presenting ourselves as easy targets and transition into security-conscious digital citizens.
Cybersecurity teams can serve as the catalysts for this transformation. This is especially crucial since human error is responsible for the majority of cybersecurity breaches, an established fact in the field. Building awareness, offering training, and making people the first line of defence are initial steps in supporting this idea.
The broader organisation can also leverage this as an opportunity to connect with their cybersecurity counterparts. Deliberate training and development initiatives can foster a culture of security advocacy. Senior leadership must lead the charge in training, emphasising cybersecurity as a way of life and solidifying its importance in the minds of employees.
This immediately positions cybersecurity professionals as key players in safeguarding the organisation and mitigating risks. However, this only goes so far. The ever-evolving threat landscape necessitates new skills and technologies. As AI elevates the stakes in the cybersecurity cat-and-mouse game, we cannot allow threat actors to gain the upper hand. We must meet them with equal force.
Providing cybersecurity professionals with the tools they need and acknowledging the effort required to stay ahead of the latest threats are essential for recognising their significance. Making cybersecurity a more attractive and accessible career path, supported at every level, will expand the talent pool. To truly recognise their status, cybersecurity leaders must have a seat at the boardroom table, a privilege that many currently lack.