Steve Morgan, founder of Cybersecurity Ventures, presents this scenario: Imagine if street crime exploded and society had millions of unfilled law enforcement jobs, and those positions remained open. The outcome? Utter chaos, he says. And the same goes for cybersecurity.
Published on August 28th, 2022 📆 | 7337 Views ⚑
0CEOs need to start caring about the cybersecurity talent gap crisis, new report shows
BY Sydney LakeAugust 10, 2022, 4:45 PM
A participant in offline competition Hackathon 2022, in Kolkata, in July. (Photo by Sankhadeep BanerjeeâNurPhoto/Getty Images)
âThatâs our cyber risk if we donât fill positions in our industry,â he tells Fortune.Â
Between 2013 and 2021, the number of open cybersecurity jobs worldwide grew 350% from 1 million to 3.5 million, according to Cybersecurity Venturesâ Boardroom Cybersecurity 2022 Report shared exclusively with Fortune ahead of its Wednesday release. The cybersecurity research company predicts that in five years, those jobs will still be openâeven though cybersecurity professionals, on average, make well over six figures. The report is sponsored by cybersecurity company Secureworks.Â
âWe have so many highly talented people in our industry, but thereâs a mismatch in the number of working security professionals relative to growing needs in the global market,â Wendy Thomas, president and CEO of Secureworks, tells Fortune. âWhile technology, including automation and machine learning, can help shrink the gap, itâs not sufficient.â
The goal of the Boardroom Cybersecurity Report is to demystify cybercrime and cybersecurity topics, which boardroom and C-suite executives tell Cybersecurity Ventures can be âtoo technical, and use terms they donât understand.â Simply put, cybercrime damages are costing companies trillions of dollars while the cybersecurity talent gap just continues to widen.
âThink of the growing gap as a dam. If small holes start to appear, the risk that the dam will fail increases exponentially,â Thomas adds. âAs hackers continue to successfully grow their e-crime businesses, it further erodes our collective wall of defense.â
How cyberattacks are costing companies
In 2022, cybercrime damages are predicted to cost $7 trillion globally, according to the report, and the cost is only going to increase. During the next four years, Cybersecurity Ventures expects global cybercrime costs to grow by 15% each year. By comparison, cybercrime damages cost $3 trillion globally in 2015.
Cybercrime continues because hackers are opportunistic, Thomas explains, and their organizations are financially motivated; they need just one unlocked door to steal money from a company.
âTo break the hacker profit model, companies have to make themselves a hard target,â she says. âFailure to do so is to await the inevitable day the adversary finds their way into your unlocked door.â
Ransomware is one of the most prolific types of cybercrime. This is a type of malicious software used to block access to a computer system until a ransomâor amount of moneyâis paid to the attacker. Under the premise that cyberattacks happen every two seconds, Cybersecurity Ventures predicts that ransomware will cost victims about $265 billion annually by 2031. Consequently, the company also projects that the cyber-insurance market will grow to $14.8 billion in 2025, but $34 billion by 2031.
âTo mitigate threats, CEOs need to understand the areas of greatest risk to their business from a successful cyberattack and balance their investment in security protection accordingly,â Thomas says. The three areas of cybersecurity investment with high return include employee education, having holistic detection capabilities, and recovery preparation, she adds.
How executives should take action
The focus on cybersecurity needs to start in the boardroom, Morgan argues. CEOs at every Fortune 500 company and midsize to large organization should advocate to have those with cybersecurity experience on their board, he says.Â
âThat could be the [chief information security officer (CISO)] or an outside executive with real-world cybersecurity experience,â he says. âDo it now to protect your organization, not after a breach or hack to protect your reputation.â
By 2025, 35% of Fortune 500 companies will have board members with cybersecurity experience, according to the Cybersecurity Ventures report, and by 2031 that will climb to more than 50%. By comparison, last year just 17% of Fortune 500 companies had board members with this type of background.
The thought is that if cybersecurity is a regular boardroom discussion, then the importance of it will trickle down to the rest of the organization, Morgan says, becoming a part of the companyâs DNA. He encourages executives to take cybersecurity as seriously as profit and loss discussions.
âThe alternative is uglyâthe CISO comes running for money that was never set aside, and itâs not their fault even though they are oftentimes the scapegoat,â Morgan says. âPut your money where your mouth is; thatâs never been more true than it is with cybersecurity.â
See how the schools youâre considering fared in Fortuneâs rankings of the best masterâs degree programs in nursing, computer science, cybersecurity, psychology, public health, business analytics, and data science, as well as the best doctorate in education programs, and part-time, executive, full-time, and online MBA programs.
Gloss