With an ever evolving digital landscape, cybersecurity recruitment has undergone some radical changes in recent years — but is it enough to keep up with demand?
In 2022 alone, cybercrime cost $7 trillion globally. To put that figure into perspective, if cybercrime were a country, it would be the world’s third largest economy.
Cybercrime continues to evolve quickly, and many companies simply haven’t kept up. Suffering from a data breach has become the equivalent of being robbed or attacked in the street, but the magnitude of such a threat increases dramatically depending on the type of data your organization deals with.
Financial, health, intellectual, and government information are the most likely to be stolen, but any commercial cybersecurity breach will lead not only to financial losses but can irreparably damage your reputation as well.
Given what’s at stake, it’s no surprise that solving the cyber security talent shortage is regarded as a high priority. The global cyber security market was valued at USD $202.72 billion in 2022 and is projected to expand at an annual growth rate of 12.3% from 2023 to 2030. Ultimately, organizations need to take their cybersecurity obligations seriously — but where do you start?
Understanding the rapid rise of global cybercrime
Although there are roughly 1.1 million employed cybersecurity professionals in the United States alone, the cyber security talent shortage is still a problem that’s only getting bigger. Cyber attacks are becoming more common and harmful, and even though we tend to only hear about the attacks of high-profile entities, no company — or individual, for that matter — with an online presence is immune to attacks.
New data sourced from Checkpoint found that when compared to the same period in the previous year, global cyberattacks increased by 38% in 2022, with the United States in particular seeing a surge of 57%. These cyberattack numbers were driven by smaller, more agile hackers and ransomware gangs, who focused on exploiting collaboration tools used in work-from-home environments but also targeted education institutions that shifted to e-learning post-COVID-19.
This increase in global cyberattacks also stems from hacker interest in healthcare organizations, which saw the largest increase in cyberattacks in 2022, when compared to all other industries. CPR warns that the maturity of AI technology, such as ChatGPT, can accelerate the number of cyberattacks in 2023.
Cybersecurity talent shortage is driven by more than market growth
Despite the warnings from experts to expect more cyber warfare in the years to come, the International Information System Security Certification Consortium (ISC) predicted that around 1.8 million cybersecurity jobs would go unfilled in 2022. What’s more, is that a previous study from ISC found that 57% of businesses said that they currently have unfilled cybersecurity positions on their team.
As cybercrimes continue to increase, companies are understandably investing heavily to improve and secure their digital infrastructures.
Aside from increased demand, other factors driving market growth and the cybersecurity talent shortage include:
- Growth of ransomware, data breaches, and cybercrimes
- Discovery of new security threats and attack vectors
- Demand for data protection and compliance regulations
- Artificial Intelligence (AI) and Machine Learning (ML)
- Increasing sophistication in cyber threats
With just a handful of relevant vacancies including cybersecurity analysts, network engineers, senior software developers, IT directors, systems engineers and even testing staff, it’s becoming increasingly evident that the way we appreciate cybersecurity recruitment needs to change if we want to stay ahead of the potential pitfalls of global digitalization.
5 cybersecurity recruitment issues that organizations need to address
A 2019 study by Burning Glass revealed that the number of cybersecurity job postings has grown by 94% in just six years, with cybersecurity positions now accounting for 13% of all information technology jobs. Like many other fields, this unique market is not just struggling with existing skills shortages, but retention issues as well.
Although not unique to this sector, there are a number of issues that can block effective cybersecurity recruitment and attrition. If organizations want to genuinely hire in-demand cybersecurity professionals that are qualified and content at work, then the following factors first need to be addressed.
1. Employee Burnout
Employee stress and burnout are some of the major reasons employees leave their jobs, and according to a 2021 Forrester survey, 51% of cybersecurity professionals experienced extreme stress or burnout, with 65% saying they had considered leaving their jobs because of job stress. In pressure-cooker roles, it’s crucial to have the right people in the right jobs.
2. Lack Of Diversity
Women held just 25% of cybersecurity roles in 2022. Although this figure is up from 20% in 2019, and around 10% in 2013, removing bias from the hiring process has the potential to be revolutionary for solving the cybersecurity talent shortage. To improve your cybersecurity recruitment process, ensure that you’re not removing skilled candidates from the talent pool and assess skills, not backgrounds.
3. Poor Working Conditions
According to new figures from Glassdoor, the average salary for a Cyber Security Specialist in the United States is $85,524. While stress is at times unavoidable in this line of work, companies have a responsibility to address employee well-being through initiatives such as wellness programs, realistic job roles, and yes, salaries. If you don’t, the cybersecurity talent shortage means that someone else will.
4. Irrelevant Degrees
Once upon a time, a bachelor’s degree was enough to cover all digital bases tied to information technology, but that era is over. Educate yourself on the many different roles that come under this umbrella instead of expecting a single person to cover all of your digital assets, as the reality is that there are now several different types of cybersecurity roles to hire for.
5. Bad Hiring Practices
The experience and skill of a cybersecurity professional aren’t metrics that can be measured via a standard interview — and yet, countless companies continue to use impractical and outdated recruitment methods to attract this type of talent. In turn, this alienates candidates who are more than capable of doing the work, yet may not have the opportunity to showcase their skills during the interview process.
Fundamentally, the future of effective cybersecurity recruitment is not necessarily tied to a candidate having the right degree, but having the right skills. By the time it takes to study, the information absorbed may already be outdated.
Instead, hiring managers and recruiters should be validating cybersecurity certifications through skills assessments, and using job simulations to verify that an applicant can actually perform the required tasks in real-world settings.
Why job simulations are the future of cybersecurity recruitment
By 2025, 35% of Fortune 500 companies will have board members with cybersecurity experience, according to the Cybersecurity Ventures report, and by 2031 that will climb to more than 50%. By comparison, last year just 17% of Fortune 500 companies had board members with this type of background.
For organizations that want to target high-value B2B clients and stay ahead of the curve before inevitable legislation is introduced, taking cybersecurity seriously is a must. However, you shouldn’t have to be a cybersecurity expert in order to hire a cybersecurity expert, which is why a growing number of organizations are rethinking the hiring process as a means to attract top talent.
Enter: job simulations. Some of the basic skills required for almost any cybersecurity job role are incident handling and response, audit and compliance, firewall/IDS/IPS skills, intrusion detection, analytics and intelligence, SIEM management, access/identity management, application security development, advanced malware prevention, and cloud computing/virtualization.
More specialized positions will require some or all of these skills, in addition to many others that are more closely linked to the role’s requirements within an organization.
Coding knowledge of C#, C++, Angular, Node.js, AWS, Google Cloud Platform, and Azure will continue to see intense demand in 2023 and beyond, and Application Development Security (ADS) and Cloud Security (CS) are the two fastest-growing skill areas in cybersecurity, with estimated growth of 164% and 115%, respectively.
The tricky part is testing a candidate’s level of knowledge and experience linked to these skills. While anyone applying for a cybersecurity position can claim to have studied these specific requirements and tick off the right boxes during traditional recruitment processes, what happens if you hire them, only to find out a few months later that expectations don’t match reality?
Job simulations are critical for ensuring that an applicant can walk the walk, and not just talk the talk.
Hiring managers and recruiters can use a job simulation to learn whether or not a candidate has sound knowledge of tools, management, and strategies to manage the standard to advanced cybersecurity needs of an organization.
When the results of the job simulation are finalized, companies can expect to get a good idea not only of the applicant’s technical knowledge but their ability to manage stakeholders and work across departments.
You won’t be able to learn how to ride a bike by reading about it in a book. Similarly, you won’t gain any new muscles from watching YouTube videos about pushups. Like it or not, some things simply have to be done in order to fully understand them or gain any value from them.
Hiring the ideal cybersecurity expert for your organization involves far more than a candidate having the right degree. You can read about their skills on their resume, but nothing will replace the power of seeing a candidate actually do the work — and this is where the magic of job simulations come in.
Meet the experts on cybersecurity recruitment solutions
Vervoe is an end-to-end solution that is proudly revolutionizing the hiring process. By empowering companies to create assessments that are tailored to suit the specific requirements of a role in cybersecurity, Vervoe predicts performance using job simulations that showcase the talent of every candidate. This way, you can confidently hire an expert without needing to be one yourself.
By assessing an applicant’s ability to perform the role through a skills assessment, our job simulations focus on the work — and not the person. To see people do the job before they get the job, book a demo today and let our experienced team run you through Vervoe’s full range of ready-made and tailored solutions.