Three actions to reduce your cyber security skills gap

Despite multiple initiatives to address the cyber security skills gap in the last decade, it is still a major problem for organisations: according to our LinkedIn pulse poll 48% of respondents said ‘Talent Recruitment’ was a top concern for them and internal skills shortages are one of their main security challenges right now.

The threat actors are also on the rise. Our latest Threat Intelligence Reports show March and April 2023 having the most attacks ever recorded by our team, suggesting organisations need to be more resilient now than ever before.

With this in mind, we outline three actions to reduce your cyber security skills gap and build resilience against the new threat landscape and current economic climate:

1. Target your recruitment

2. Develop and retain your talent

3. Outsource effectively

TARGET YOUR RECRUITMENT

Recruitment can be costly and time-consuming, so it’s important that it is focused on quality rather than quantity. Practically, this means that you should identify the specific skills that your organisation would benefit from and target your recruitment to provide those skills.

Firstly, review your business strategy and create a security roadmap to determine the skill sets that you will need to execute that strategy. For example, if you are launching digital transformation projects, you will need people with specific expertise around moving to the cloud. If you are acquiring or merging with another organisation, you need someone who can assess the risks of that organisation and how it will affect your security posture.

If you don’t know what your current security requirements are, consider assessments such as red teaming exercises or cloud security reviews that can identify your risks in specific areas. Benchmarking tools can also help you to establish your short, medium and long-term priority areas, enabling you to recruit strategically and cost-effectively within those areas.

Ultimately, cyber security is such a broad subject that it is impractical to recruit experts in every area. By focusing on the specialisms that are most relevant to your strategy and security roadmap, you can cut through the competitive cyber recruitment market and acquire the skills that will tangibly increase your resilience against cyber threats.

DEVELOP AND RETAIN YOUR TALENT

People regularly leave to secure a higher salary elsewhere, creating a revolving door effect that makes it difficult for organisations to address their skills gaps. However, skilled individuals also leave because their employers fail to deliver a well-defined career path for them, presenting an opportunity for you to develop and retain your talent more effectively.

Start by reviewing exit interviews to establish why previous employees decided to leave, and ensure that you offer tailored training and development initiatives that empower people to do their jobs effectively.

You should also consider an apprenticeship and training scheme to develop the skills that your organisation requires internally. By giving your senior employees responsibility for training those apprentices, you can give them a greater sense of purpose and career satisfaction, reducing the likelihood that they will be tempted away by other organisations.

It’s likely that you will need to recruit specialists in some areas. However, by investing in your existing talent, you can reduce your skills gap without committing huge chunks of your budget. You can also make your organisation more attractive to new recruits as budgets recover from the impact of the recent layoffs.

OUTSOURCE EFFECTIVELY

Outsourcing is one of the fastest and most effective ways for an organisation to complement and strengthen its internal resources,

With budgets stretched, outsourcing offers decision makers a quick and cost-efficient method to improve their cyber resilience until they can afford to recruit dedicated specialists. It also allows organisations to determine their resource requirements before making firm commitments to spending on recruitment, enabling them to allocate their budgets more effectively.

For example, cyber threat intelligence and security monitoring and detection are two areas of cyber resilience that are most likely to be outsourced or are already being outsourced more than before. Both fields require dedicated teams of experienced specialists working around the clock to stay ahead of threat actors and new attack trends, so it would not always be practical for many businesses to recruit here.

Outsourcing can also give organisations the flexibility to address specific short-term security requirements that can’t always be addressed internally. For example, cyber security awareness training is also a key area that organisations recognise the importance but are not confident that they have the resources to deliver in-house.

Against the new threat landscape, this ‘try before you permanently buy’ approach could be an effective way to determine which skills your organisation needs to recruit and which you can afford to outsource. By relieving under-resourced security teams, it can also reduce the skills gap in the short and long-terms.