With increasing digitalisation, the threat of cyber attacks is also rising and so is the demand for IT security experts. The demand for IT security experts has never been more pressing.

According to the Risk & Cybersecurity Study by IT consultancy Tata Consultancy Services (TCS), companies see the biggest challenge in cybersecurity not in budget, but in the lack of professionals with relevant expertise.

According to the study, half of companies in the EU and UK (49%) plan to hire professionals with cybersecurity skills in the future. In North America, as many as two-thirds (65%) intend to go on the talent hunt in the future.

Skills shortage among top challenges for cybersecurity

Chief risk officers (CROs) and chief information security officers (CISOs) report in the survey that they have already had difficulty attracting (44%) and retaining (42%) talent with cyber risk and security skills in the past year.

The second biggest challenge, according to the CROs and CISOs, is a changing work environment with increased possibilities for remote work and the associated risks.

For example, innumerable employees had to be given remote access to their employer’s systems and databases at short notice due to the pandemic and the resulting move to remote work. This opens up new points of attack for cybercriminals.

Assessing security risks and quantifying their costs is the third-biggest obstacle for the respondents.

Cybersecurity not a budget issue

Budget constraints comes in at only 10th place in the ranking. The fact that the latter are affecting fewer and fewer companies is shown by the high level of willingness to invest: 52% of UK and European companies and 62% of North American companies stated that they had increased their budgets for IT security since last year.

“Keeping abreast of the most advanced tactics of cyber criminals is not a question of cost. Rather, the challenge lies in finding and retaining the right professionals with the required know-how,” says Santha Subramoni, global head: cybersecurity at TCS.

How companies ensure they have a recruiting edge 

One measure alone can’t solve the skills shortage.

“However, companies can help fill the skills gap by using external service providers for harder-to-staff work, such as 24/7 network monitoring, while growing talent internally by giving them exposure to not only the technical but the business aspects of cybersecurity,” says Subramoni.

In addition, the study shows that the more frequently the board of directors engages in cybersecurity, the more successful the company is in finding and holding onto their top talent with cyber risk and security skills.

The situation is similar in South Africa, says TCS South Africa country head and executive director Langa Dube. “The move towards WFH and emerging hybrid working models in the last two years has increased cyber security risks. This in turn has raised the demand for personnel skilled in cybersecurity fields, but these staff are difficult to find, and they come at a premium.”

The TCS study also finds that talent retention directly correlates with how a company stores its information. Cloud-positive organizations were found to have a slight advantage in retaining and recruiting talent with the notoriously hard-to-find cyber skills, compared to those companies who think that on-premises or traditional data centre security is preferable to what is available via the cloud.

In fact, embracing cloud platforms gives companies a five-point advantage in recruiting and retaining talent with cyber risk and security skills.

“As businesses look to keep up with rapidly evolving complexities in cybersecurity, the talent gap is widening,” says Bob Scalise, managing partner: risk and cyber strategy at TCS. “Demonstrating a serious commitment to cybersecurity by sustained attention from senior leadership, funding, and process changes will be vital to recruiting and retaining top talent.”

  • The TCS Risk & Cybersecurity Study, published by the TCS Thought Leadership Institute, highlights the most pressing cybersecurity issues facing senior business leaders across Europe and North America. The study is based on results of a survey of more than 600 CISOs and CROs, from companies with at least $1-billion in annual revenue, across banking & financial services, utilities, media & information services, and manufacturing. Topics include global risk, cybersecurity, resilience, and ecosystem/cloud security.  The survey took place in February and March 2022. Editor@tech-talk.co.za