Increasing digitization and consumerism worldwide have dramatically increased our dependence on technology. The COVID-19 pandemic has further deepened technology dependencies. Fueled by this transformation, world trade is booming. E-commerce alone reached $4.21 trillion in 2021. But many companies and institutions are struggling to find sufficient resources to support this growth. We may now be facing the greatest threat of cyber failure.
The ‘war for cyber talent’ has been raging worldwide for years. Nearly a third of organizations say it takes more than six months to fill cybersecurity vacancies, and 62% report understaffing. Latest estimates show a cybersecurity talent gap of 2.7 million workers. The World Economic Forum (WEF) warned: “In the context of widespread reliance on increasingly complex digital systems, growing cyber threats are outpacing societies’ ability to effectively prevent and manage them.”
These mounting cyber risks threaten the resilience of companies, and global commercial, financial, geopolitical and social turbulence amplifies their impact. Maintaining cyber and overall business agility in this uncertain environment revolves around your people. So what does this mean for your organization?
How the changing, tumultuous world is affecting your business
Economic recessions are nothing new. But the pandemic turned the international economy upside down, leaving scars that will take years to heal. We also saw other shifts, such as the erosion of social cohesion and a rethinking of personal values. As the WEF notes, issues of income inequality, racial injustice and political divisions have polarized societies, exacerbating international instability that much more.
The Russian invasion of Ukraine has widened the global divide even further. The war reminded us that even a local or regional geopolitical conflict has far-reaching, universal consequences. The fallout from these actions also threatens to derail the post-pandemic economic recovery, just as it began. We will emerge as a new world from the pandemic and this conflict, and organizations need to explore how this shift affects their resilience.
The Great Resignation emerged from the turbulence of the past two years. Employees re-evaluated their priorities. Cybersecurity jobs grew by 29% in the US last year, more than double compared to pre-COVID. Teams were already stretched thin and burned out, so this substantial outflow of talent put more pressure on companies that previously struggled to fill cybersecurity roles.
Turning the clock back on cyber failure
A cybersecurity shortage is one of the biggest risks that has worsened since the start of the pandemic. Executives surveyed by WEF identified it as a “critical short-term threat to the world”. Exhausted and overworked IT and security teams can’t keep up with the escalating threats such as ransomware, account compromise, multiple cybercrime activities and the sprawling attack surface of the remote workplace. This security crisis on top of the global turmoil should force every business and security leader to ask themselves: Could the implications of the talent shortage be catastrophic?
There is no easy solution to the cyber crisis, but increasing the effectiveness of your company comes down to your people. If you don’t create a positive culture that attracts, nurtures and retains top talent, tackling your cyber vulnerabilities will become even more daunting.
Addressing the talent gap through professional development, diversity and inclusion
Your industry no longer defines your competition. The cyber skills shortage is so pervasive that any organization that hires cyber talent will now meet you on the employment battlefield. When you’re fighting for the same limited human resources as your competitors, you need to be creative. Salary alone no longer attracts new employees or motivates any employee to stay with you. They have multiple opportunities waiting for them elsewhere.
Surveys show that if the environment were more inclusive, employees would stay with their current company. Cybersecurity has struggled for years to become more diverse. You can improve employees’ view of your organization’s equality through initiatives such as diversifying your leadership, improving pay equality, and following diversity-focused hiring and employment practices. Providing growth opportunities for minorities, women and underrepresented individuals goes beyond words when expressing your desire to foster an inclusive culture.
As a long-term strategy, it is also important to inspire younger generations by showing them the value of a career in cybersecurity. Mentorships, internships, and coaching programs are all effective ways to spark their interest in cybersecurity.
Succession Planning: A Business Necessity
At the senior leadership level, increasing the resilience of your people requires succession planning. The average estimated tenure of a CISO is only 26 months. Worldwide, 85% of CISOs surveyed say they are now looking for another position or would consider an opportunity if given one. Unless you take aggressive retention actions, it’s only a matter of time before you recruit again.
You’re wrong if you think you don’t need to activate a succession plan until your CISO announces their departure. The truth is, you must have a long-term program that continuously identifies and develops future leaders within your organization. These are your potential CISO successors. You have to prepare them for improvement and promotion.
Follow your succession plan while also keeping your leading performers. Start early to train the right people and help them with upskilling. Improve your employees’ prospects of progressing within your own organization. Develop them personally and professionally. This strategy also aligns with building a more inclusive culture by reducing the likelihood of top employees leaving because of a biased or unwelcoming environment.
The tidal waves of all recent global events will last for generations. Digitization continues, increasing cyber risks. Prepare for the next crisis by empowering your people now – and use the lessons you’ve learned over the past two years to understand how to create greater resilience.
Lucia Milică is VP, Global Resident Chief Information Security Officer at Proofpoint, a leading cybersecurity and compliance company. She is a senior technology leader with over 20 years of extensive technical and business experience. In her previous role, Lucia was the VP, Chief Information Security Officer & Chief Privacy Officer for Polycom, where she managed all aspects of data privacy and information security. She has also held leadership and technical roles in IT governance and strategy, security risk and compliance, business and product security, data privacy and IT infrastructure at other companies, including HP, Palm, Wells Fargo and Franklin Templeton. Many organizations in the cybersecurity industry and wider business community have asked her to speak at their conferences, symposia and other events. She has also expanded her contributions to her profession by serving as a member of the advisory board and actively participating in the cybersecurity industry and relevant industry groups, including board membership of the National Technology Security Coalition and service with the Department of Health and Human Services (HHS) 405(d) Cybersecurity Task Group, SC Media Advisory Board and Forbes Technology Council.