Vervoe logo

10 min read

Why Cybersecurity Recruitment Needs To Change

With an ever evolving digital landscape, cybersecurity recruitment has undergone some radical changes in recent years — but is it enough to keep up with demand? 

In 2022 alone, cybercrime cost $7 trillion globally. To put that figure into perspective, if cybercrime were a country, it would be the world’s third largest economy. 

Cybercrime continues to evolve quickly, and many companies simply haven’t kept up. Suffering from a data breach has become the equivalent of being robbed or attacked in the street, but the magnitude of such a threat increases dramatically depending on the type of data your organization deals with.

Financial, health, intellectual, and government information are the most likely to be stolen, but any commercial cybersecurity breach will lead not only to financial losses but can irreparably damage your reputation as well. 

Given what’s at stake, it’s no surprise that solving the cyber security talent shortage is regarded as a high priority. The global cyber security market was valued at USD $202.72 billion in 2022 and is projected to expand at an annual growth rate of 12.3% from 2023 to 2030. Ultimately, organizations need to take their cybersecurity obligations seriously — but where do you start?

Good cyber security talent will be highly valuable.
The global cybersecurity market is currently valued at over $2 billion dollars, and is predicted to grow at 12.3% every year until at least 2030.

Understanding the rapid rise of global cybercrime 

Although there are roughly 1.1 million employed cybersecurity professionals in the United States alone, the cyber security talent shortage is still a problem that’s only getting bigger. Cyber attacks are becoming more common and harmful, and even though we tend to only hear about the attacks of high-profile entities, no company — or individual, for that matter — with an online presence is immune to attacks.

New data sourced from Checkpoint found that when compared to the same period in the previous year, global cyberattacks increased by 38% in 2022, with the United States in particular seeing a surge of 57%. These cyberattack numbers were driven by smaller, more agile hackers and ransomware gangs, who focused on exploiting collaboration tools used in work-from-home environments but also targeted education institutions that shifted to e-learning post-COVID-19. 

This increase in global cyberattacks also stems from hacker interest in healthcare organizations, which saw the largest increase in cyberattacks in 2022, when compared to all other industries. CPR warns that the maturity of AI technology, such as ChatGPT, can accelerate the number of cyberattacks in 2023.

With a cybersecurity skills shortage. Usa cybercrime is on the rise.
Global cyber attacks increased by 38% in 2022, with the United States in particular seeing a surge of 57%.

Cybersecurity talent shortage is driven by more than market growth

Despite the warnings from experts to expect more cyber warfare in the years to come, the International Information System Security Certification Consortium (ISC) predicted that around 1.8 million cybersecurity jobs would go unfilled in 2022. What’s more, is that a previous study from ISC found that 57% of businesses said that they currently have unfilled cybersecurity positions on their team.  

As cybercrimes continue to increase, companies are understandably investing heavily to improve and secure their digital infrastructures.

Aside from increased demand, other factors driving market growth and the cybersecurity talent shortage include: 

  • Growth of ransomware, data breaches, and cybercrimes
  • Discovery of new security threats and attack vectors
  • Demand for data protection and compliance regulations
  • Artificial Intelligence (AI) and Machine Learning (ML)
  • Increasing sophistication in cyber threats

With just a handful of relevant vacancies including cybersecurity analysts, network engineers, senior software developers, IT directors, systems engineers and even testing staff, it’s becoming increasingly evident that the way we appreciate cybersecurity recruitment needs to change if we want to stay ahead of the potential pitfalls of global digitalization. 

The cybersecurity skills gap is a big problem for us, aus and uk mid-cap companies.
An eye watering 1.8 million cybersecurity jobs went unfilled in 2022. What’s worse, is that 57% of businesses say that they currently have unfilled cybersecurity positions on their team.

5 cybersecurity recruitment issues that organizations need to address 

A 2019 study by Burning Glass revealed that the number of cybersecurity job postings has grown by 94% in just six years, with cybersecurity positions now accounting for 13% of all information technology jobs. Like many other fields, this unique market is not just struggling with existing skills shortages, but retention issues as well. 

Although not unique to this sector, there are a number of issues that can block effective cybersecurity recruitment and attrition. If organizations want to genuinely hire in-demand cybersecurity professionals that are qualified and content at work, then the following factors first need to be addressed. 

1. Employee Burnout

Employee stress and burnout are some of the major reasons employees leave their jobs, and according to a 2021 Forrester survey, 51% of cybersecurity professionals experienced extreme stress or burnout, with 65% saying they had considered leaving their jobs because of job stress. In pressure-cooker roles, it’s crucial to have the right people in the right jobs. 

2. Lack Of Diversity 

Women held just 25% of cybersecurity roles in 2022. Although this figure is up from 20% in 2019, and around 10%  in 2013, removing bias from the hiring process has the potential to be revolutionary for solving the cybersecurity talent shortage. To improve your cybersecurity recruitment process, ensure that you’re not removing skilled candidates from the talent pool and assess skills, not backgrounds. 

3. Poor Working Conditions 

According to new figures from Glassdoor, the average salary for a Cyber Security Specialist in the United States is $85,524. While stress is at times unavoidable in this line of work, companies have a responsibility to address employee well-being through initiatives such as wellness programs, realistic job roles, and yes, salaries. If you don’t, the cybersecurity talent shortage means that someone else will. 

4. Irrelevant Degrees 

Once upon a time, a bachelor’s degree was enough to cover all digital bases tied to information technology, but that era is over. Educate yourself on the many different roles that come under this umbrella instead of expecting a single person to cover all of your digital assets, as the reality is that there are now several different types of cybersecurity roles to hire for. 

5. Bad Hiring Practices 

The experience and skill of a cybersecurity professional aren’t metrics that can be measured via a standard interview — and yet, countless companies continue to use impractical and outdated recruitment methods to attract this type of talent. In turn, this alienates candidates who are more than capable of doing the work, yet may not have the opportunity to showcase their skills during the interview process.

Fundamentally, the future of effective cybersecurity recruitment is not necessarily tied to a candidate having the right degree, but having the right skills. By the time it takes to study, the information absorbed may already be outdated.

Instead, hiring managers and recruiters should be validating cybersecurity certifications through skills assessments, and using job simulations to verify that an applicant can actually perform the required tasks in real-world settings. 

Cutting edge recruiting solutions are needed to get the best cybersecurity teams.
Employee burnout, lack of diversity, poor working conditions, irrelevant degrees, bad hiring practices have been identified as the key issues

Why job simulations are the future of cybersecurity recruitment 

By 2025, 35% of Fortune 500 companies will have board members with cybersecurity experience, according to the Cybersecurity Ventures report, and by 2031 that will climb to more than 50%. By comparison, last year just 17% of Fortune 500 companies had board members with this type of background. 

For organizations that want to target high-value B2B clients and stay ahead of the curve before inevitable legislation is introduced, taking cybersecurity seriously is a must. However, you shouldn’t have to be a cybersecurity expert in order to hire a cybersecurity expert, which is why a growing number of organizations are rethinking the hiring process as a means to attract top talent. 

Enter: job simulations. Some of the basic skills required for almost any cybersecurity job role are incident handling and response, audit and compliance, firewall/IDS/IPS skills, intrusion detection, analytics and intelligence, SIEM management, access/identity management, application security development, advanced malware prevention, and cloud computing/virtualization.

More specialized positions will require some or all of these skills, in addition to many others that are more closely linked to the role’s requirements within an organization. 

Coding knowledge of C#, C++, Angular, Node.js, AWS, Google Cloud Platform, and Azure will continue to see intense demand in 2023 and beyond, and Application Development Security (ADS) and Cloud Security (CS) are the two fastest-growing skill areas in cybersecurity, with estimated growth of 164% and 115%, respectively.

The tricky part is testing a candidate’s level of knowledge and experience linked to these skills. While anyone applying for a cybersecurity position can claim to have studied these specific requirements and tick off the right boxes during traditional recruitment processes, what happens if you hire them, only to find out a few months later that expectations don’t match reality?

Job simulations are critical for ensuring that an applicant can walk the walk, and not just talk the talk.

Hiring managers and recruiters can use a job simulation to learn whether or not a candidate has sound knowledge of tools, management, and strategies to manage the standard to advanced cybersecurity needs of an organization.

When the results of the job simulation are finalized, companies can expect to get a good idea not only of the applicant’s technical knowledge but their ability to manage stakeholders and work across departments. 

You won’t be able to learn how to ride a bike by reading about it in a book. Similarly, you won’t gain any new muscles from watching YouTube videos about pushups. Like it or not, some things simply have to be done in order to fully understand them or gain any value from them. 

Hiring the ideal cybersecurity expert for your organization involves far more than a candidate having the right degree. You can read about their skills on their resume, but nothing will replace the power of seeing a candidate actually do the work — and this is where the magic of job simulations come in. 

Coding skills required for cyber security certification.
Coding knowledge, Application Development Security (ADS) and Cloud Security (CS) are the three fastest-growing skill areas in cybersecurity.

Meet the experts on cybersecurity recruitment solutions 

Vervoe is an end-to-end solution that is proudly revolutionizing the hiring process. By empowering companies to create assessments that are tailored to suit the specific requirements of a role in cybersecurity, Vervoe predicts performance using job simulations that showcase the talent of every candidate. This way, you can confidently hire an expert without needing to be one yourself. 

By assessing an applicant’s ability to perform the role through a skills assessment, our job simulations focus on the work — and not the person. To see people do the job before they get the job, book a demo today and let our experienced team run you through Vervoe’s full range of ready-made and tailored solutions.

Angela Wallace

Angela Wallace

"Angie Wallace is a self-proclaimed word nerd, big thinker, and retired tourism wizard who believes in the art of reinvention every five years—a ritual she considers essential for all good millennials. With a career spanning various roles in the tourism and digital marketing sectors, Angie has amassed a wealth of experience and expertise. She began her journey as a General Manager at Sailing Whitsundays, where she honed her skills in e-commerce and general management over five years. Transitioning into the digital realm, Angie took on roles such as Content Writer at Content Hive, where she specialized in copywriting and marketing, and Content Specialist at Vervoe, focusing on marketing and search engine optimization. Outside of her professional endeavors, Angie is an avid caffeine enthusiast, a connoisseur of in-flight eye masks, and a fan of garage sales and Louis Theroux documentaries. And, occasionally, she indulges in the whimsy of writing about herself in the third person."

Similar articles you may be interested in​

Pre-employment screening is vital for organizations looking to hire talent with the required skills and personality for an open position.

March 14, 2024

The talent market today is quite competitive, both in terms of candidate skill and experience. As such, during recruitment, you

February 20, 2024

Recruitment practices have changed significantly over the years. With time, new pre-employment screening trends have come into play and made

February 5, 2024