The growing digitization and consumerism worldwide has generated a drastic increase in our reliance on technology. The COVID-19 pandemic further deepened technological dependencies. Fueled by this transformation, global trade is booming. E-commerce alone reached $4.21 trillion in 2021. But many companies and institutions are struggling with adequate resources to support this growth. We are now potentially facing the greatest threat of cyber failure.
The “war on cyber talent” has raged worldwide for years. Almost a third of organizations say it takes over six months to fill cybersecurity vacancies, and 62% report understaffing. The latest estimates show a cybersecurity talent gap of 2.7 million workers. The World Economic Forum (WEF) warned, “In the context of widespread dependency on increasingly complex digital systems, growing cyberthreats are outpacing societies’ ability to effectively prevent and manage them.”
These mounting cyber risks threaten business resilience and the global commercial, financial, geopolitical and social turbulence further intensify the impact on businesses. Maintaining cyber and overall business flexibility in this uncertain environment is about your people. So what does this mean for your organization?
How the changing, tumultuous world impacts your business
Economic downturns are nothing new. But the pandemic turned the international economy upside down, creating scars that will take years to heal. We also saw other shifts, such as the erosion of social cohesion and a rethinking of personal values. As WEF notes, themes such as income disparities, racial injustice and political divisiveness have polarized societies, exacerbating international instability much more.
Russia’s invasion of Ukraine deepened the global rift. The war reminded us that even a local or regional geopolitical conflict has wide-reaching, universal ramifications. The consequences of these actions also threaten to derail the post-pandemic economic recovery just as it began. We will reemerge from the pandemic and this conflict as a new world, and organizations need to examine how this shift affects their resilience.
The Great Resignation sprang from the turbulence of the past two years. Employees reevaluated their priorities. Cybersecurity job openings grew by 29% in the U.S. last year, a rate more than double compared to pre-COVID. Teams were already stretched thin and burned out, so this substantial exit of talent put more pressure on businesses that had earlier struggled to fill cybersecurity roles.
Turning back the clock on cyber failure
Cybersecurity deficiency is one of the top risks that grew worse since the start of the pandemic. Executives surveyed by WEF identified it as a “critical short-term threat to the world.” Exhausted and overburdened IT and security teams cannot keep up with escalating threats such as ransomware, account compromises, prolific cybercriminal activities and the sprawling attack surface of the remote workplace. This security crisis overlay on top of the global turmoil should compel every business and security leader to ask: Could the implications of the talent shortage be catastrophic?
There is no easy fix for the cyber crisis, but the solution to boosting the strength of your business comes down to your people. If you are not creating a positive culture that attracts, nurtures and keeps top talent, addressing your cyber vulnerabilities will become even more daunting.
Addressing the talent gap through professional development, diversity and inclusion
Your industry no longer defines your competition. The cyber-skill shortage is so widespread that every place that hires cyber talent now meets you on the employment battlefield. When you are fighting for the same limited people resources as your competitors, you must be creative. Salary alone no longer attracts new employees nor motivates any employee to stay with you. They have multiple opportunities awaiting them elsewhere.
Surveys show that employees would stay with their current company if the environment was more inclusive. Cybersecurity has struggled for years to become more diverse. You can broaden their equality vision of your organization through initiatives such as diversifying your leadership, improving pay equity and following diversity-focused hiring and employment practices. Providing growth opportunities for minorities, women and underrepresented individuals speaks more than mere words in expressing your wish to promote an inclusive culture.
As a longer-term strategy, it is also important to inspire younger generations by showing them the value of a cybersecurity career. Mentorships, internships and coaching programs are all effective ways of gaining their interest in cybersecurity.
Succession planning: A business imperative
At the senior leadership level, boosting your people’s resilience requires succession planning. The average estimated tenure of a CISO is only 26 months. Globally, 85% of surveyed CISOs say they are now looking for another role or would consider an opportunity if presented to them. Unless you take aggressive retention action, it is only a matter of time before you are recruiting again.
You are wrong if you think you do not need to activate a succession plan until your CISO makes a leave announcement. The truth is, you should have a long-term program that continually identifies and develops future leaders within your organization. These are your potential CISO successors. You need to prepare them for improvement and promotion.
Follow your succession plan while also keeping your preeminent performers. Start early to groom the right people and help them with upskill. Improve your employees’ prospects to move up within your own organization. Develop them personally and professionally. This strategy also aligns with building a more inclusive culture by decreasing the likelihood of top employees leaving because of a biased or unwelcome environment.
The tidal waves from all the recent global events will last for generations. Digitization continues to crest, escalating cyber risk. Prepare for the next crisis by fortifying your people resources now — and use the lessons learned from these past two years to understand how to create greater resilience.
Lucia Milică serves as VP, Global Resident Chief Information Security Officer at Proofpoint, a leading cybersecurity and compliance company. She is a senior technology leader with over 20 years of extensive technical and business experience. In her previous role, Lucia was the VP, Chief Information Security Officer & Chief Privacy Officer for Polycom, where she managed all aspects of data privacy and information security. She has also held leadership and technical roles in IT governance & strategy, security risk and compliance, corporate and product security, data privacy and IT infrastructure at other companies, including HP, Palm, Wells Fargo and Franklin Templeton. Many organizations in the cybersecurity industry and broader business community have asked her to speak at their conferences, symposiums and other events. She has also extended her contributions to her profession by serving as an advisory board member and active participant with the cybersecurity industry and relevant industry groups, including board membership on the National Technology Security Coalition and service with the Department of Health and Human Services (HHS) 405(d) Cybersecurity Task Group, SC Media Advisory Board and Forbes Technology Council.