Mind the cyber skills gap

By Flick March

Managing IT risk has become increasingly difficult with new and complex threats emerging daily.

Rising energy prices cause increased operational spending in data centers.

Supply chain issues create vulnerabilities and geopolitical tensions heighten focus on nation-state cyberattacks.

Understanding and managing this web of IT risk can be daunting for any organization. The challenge has only been compounded by a persistent shortage of talent available to help. 

To better understand the cyber skills gap, we commissioned a study with IDC: Building Resilience in a Digital-First World. The findings shine new light on how skills shortages impact organizations’ operational resilience and have become a key priority for C-suite executives.

Study findings include:

• Skills gaps cause delays: Skill shortages led to an average delay of four months in completing digital projects, according to IDC. Organizations around the world are finding it difficult to recruit IT talent who can help them digitally transform.
• IT security and operations professionals are in high demand: IDC found the two technology roles in highest demand for key technology initiatives are IT security professionals and IT operations professionals.

In the meantime, Cyberseek—a project focused on closing the cybersecurity skills gap in the United States—has tracked 1.1 million cybersecurity professionals employed there, but found nearly 770,000 cybersecurity job openings. The finding further highlights the gap particularly of cybersecurity professionals.¹

Additionally, the U.S. Bureau of Labor Statistics projects information security analyst employment will increase 35% between 2021–2031.²

• Data privacy, cloud security, and cloud-based digital resilience are the top operational skills needed: Data privacy issues will persist as new regulations emerge and there is an increased focus on ensuring our cyber world remains private. Notably, the move to cloud is often a new territory for many organizations, so they want to ensure they have the right skills to help them leverage cloud technology safely.

Staffing for cyber resilience

To manage the full spectrum of IT risk, organizations need to staff talent across cybersecurity, compliance, IT operations, business continuity, and supply chain risk, just to name a few.

Importantly, the individuals must work in conjunction with one another. For many organizations, building this alignment requires tearing down established silos and embracing a new way of thinking.

That new way of thinking may best be described as cyber resilience.

We define cyber resilience as the ability to anticipate, protect against, withstand, and recover from the adverse conditions, stresses, attacks, and compromises of cyber-enabled business.

Cyber resilience represents a convergence of all areas of IT risk—cybersecurity, business continuity, disaster recovery, compliance, and more.

The mindset and approach enable leaders to not solely focus on risk mitigation. It’s a broader view to help ensure the business is available, secure, and compliant so that it continuously operates and delivers critical operations without the threat of downtime, breaches, or fines.

Read the report from IDC, Building Resilience in a Digital-First World, for more data on the cyber skills gap and C-suite priorities that suggest the time is ripe for a cyber resilience approach. 

Flick March is the Global Vice President of Security and Resiliency for Kyndryl.

1 Cybersecurity supply/demand heat map, Cyberseek, April 2023
2 Occupational Outlook Handbook, U.S. Bureau of Labor Statistics, September 2022