Closing the cybersecurity skills gap: 3 steps risk leaders must take

The workforce issues plaguing the cybersecurity sector are no longer a trend — they’re an urgent call to action that leaders need to take steps to answer.

Cyber teams are already overwhelmed by the challenges in the modern risk ecosystem. Cyberattacks are growing faster than positions. Employees are underequipped and under-skilled, trying to keep pace with a rapidly evolving digital ecosystem that hackers are keen to exploit. In some cases, companies have even laid off cybersecurity professionals.

But according to data compiled by NIST, there were more than 600,000 job openings in cybersecurity last year amid growing demand for professionals, with 83% of corporate boards recommending an increase in IT security workers.

With more pressure than ever on boards to take accountability for risk, how can leaders bridge the skills gap and turn their cyber risk into an area of strength? It starts with a holistic approach to growing the risk team and equipping them with the training and tools to help them thrive.

Invest in new cyber talent

Over the past year, cybersecurity professionals have not been exempt from waves of tech layoffs as companies cut costs and restructure. But cutting risk experts at a time when they are needed most creates new risk gaps and opens companies up to threats.

With risks on the rise, now is the time to grow risk teams and invest in new talent. Companies need to be hiring for their risk teams to keep pace with more sophisticated threats and changing regulations.

Employing skilled recruiters to identify quality cybersecurity talent is essential to building the right team. In tandem, attractive compensation packages and clear opportunities for career growth are table stakes for hiring managers to offer candidates.

Develop the existing team through upskilling

In addition to building out new talent, leaders must also focus on investing in their existing team’s skills.

Cybersecurity is an intense, demanding role in part because its practitioners have to match the rapid pace of digital change with their skills to stay one step ahead of potential risks.

Leaders need to build a culture of continuous learning to ensure their teams are prepared and agile for the complex risk environment they face.

Upskilling and reskilling programs are one way companies can fill the cybersecurity skills gap. There are many vendor-specific and vendor-neutral options that can build on the existing knowledge of teams, sharpen their skills, and apply existing skills to new areas of cybersecurity practice. AI and machine learning is another in-demand skill area for training and upskilling, as hackers are focusing on exploiting these technologies.

Employees should also feel empowered to seek out training and certification opportunities on their own, with time flexibility and financial support from leadership.

Lean into AI and GRC tools that empower the risk team

Companies looking to close the cybersecurity skills gap need to equip their teams with future-ready tools and invest in technologies that take their skills to the next level. This includes both AI and governance, risk and compliance (GRC) solutions.

AI has been tested in the market long enough to show that, despite early fears, AI will not replace people. Instead of fearing AI’s capabilities, leaders need to consider how AI can empower their teams to perform better.

In the risk and cyber sector, AI will assist cyber professionals, helping them focus more on strategic analysis and less on low-value manual tasks. Automation and AI can reduce or even eliminate routine tasks that would normally absorb large amounts of time, such as sifting through large amounts of data to identify threats or specific control anomalies. AI and automation can perform these formerly manual tasks, enabling the cybersecurity leaders to focus on analysis, recommendations and decisions.

GenAI is emerging to offer recommendations and action plans for risk teams, in addition to analysis. Anticipatory analytics, which predicts risks and threats, is another growing area of GRC that holds promise for optimizing risk and cybersecurity practice for more efficient teams.

Tech, automation and AI do not necessarily replace people, but they augment their productivity and empower them to focus on high-value work.

The next generation of cyber risk experts

The practice of cybersecurity has evolved incredibly fast over the past decade. Cybersecurity is now a board-level business risk. The CISO and their surrounding team members are expected to advise on a business level and collaborate across the enterprise — far beyond the role of a siloed technical expert.

The cybersecurity team must evolve and grow too, to keep pace with so much change. Investing in people, processes, and tools are the three areas on which leaders must focus on to stay ahead.

Technology alone cannot stop every cyber threat — the differentiator will always be the human factor in managing business risk. Hiring the right team members and properly equipping them is a major step to filling the cybersecurity gap.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.