In the first half of 2023, we witnessed roughly 40,000 job opportunities for skilled cybersecurity professionals in India
Amid rising global and security risks, business leaders across industries have much on their plates. Of the many diverse challenges they contend with today, bridging the skills gaps in cybersecurity is a major one. As per KPMG’s Global Tech Report 2022, the topmost internal challenge that stands in the way of digitally mature organisations wanting to achieve cyber security goals is the lack of key skills at 40 per cent . Several of them have adopted automation to free up their dependency on human resources. However, with the proliferation of security vulnerabilities, automation is more suitable as a supporting tool that can enable Chief Information Security Officers (CISOs) to get a wider perspective on risks. This will help to identify issues and prioritise risks where we need more human resources that possess specialised skills for the job.
The Challenge Of Talent Deficit
In the first half of 2023, we witnessed roughly 40,000 job opportunities for skilled cybersecurity professionals in India. But a 30 per cent demand-supply talent deficit persisted, demonstrating the major skill challenge the industry faces today. There is a critical skills gap across a range of functions including cloud security, data science and analytics, security architecture and engineering, and attack simulation. Another key challenge in cybersecurity is the lack of ‘soft’ skills. Along with technical expertise, skills for such as problem-solving, communication, teamwork, and collaboration are equally pertinent, as these can contribute to developing an enabling work environment.
Moreover, a recent study shows a 30 per cent increase in cyberattacks globally, surpassing 1600 attacks per week. In India, this number stands at 3201 weekly attacks, indicating a sharp 46 per cent increase compared to that of the year before. Challenges such as these have accentuated an urgent need for up-skilling the existing workforce by providing them training in areas such as data privacy, cloud security, AI security etc. that are high in demand.
Addressing Skills Shortage
The responsibility of shaping the future of the cyber security workforce primarily rests with the CISOs. In the constantly changing environment today, technology is embedded into almost all aspects of business operations. As a result, they are now on a look out for employees that bring both business acumen as well as technology skills to the table.
Both existing and new capabilities will have to be considered while designing the course of action to overcome the shortage of talent in the industry. The aim should be to train professionals who can stay on top of emerging threats, while rebalancing the skills within their organisations to meet the changing demand. For instance, today, there is a rising demand for cybersecurity specialists with deeper technical capabilities. To this effect, progressive businesses have had to renew their approach to hiring and training specialist talent from the ecosystem. Against the backdrop of a growing demand for cybersecurity expertise, organisations are recognising the grave need for up-skilling and investing in training programs. This can be achieved in multiple ways.
Firstly, re-skilling the workforce can yield positive results in a matter of two to three years. Though a time consuming task for organisations, re-skilling can help to cope with the shifts in the cyber world, as technology continues to transform and so do the threats. For example, up-skilling in domains such as Cloud Security, Artificial Intelligence, Blockchain Security, Red Teaming and other key skills are in high demand. Furthermore, CISOs can also mull over the idea of roping in people with other skill sets such as data analytics, risk management and cloud. With these core technical disciplines already in place, these professionals can be trained into well-rounded cyber security professionals. A move like this can help converge people from various backgrounds and overcome the lack of diverse perspectives to look at the same problem from multiple angles.
Secondly, the importance of industry-academia partnerships in contributing to the ecosystem of cyber security cannot be underestimated. Investing in young talent by collaborating with higher educational institutions is beneficial from the point of view of training them as per industry requirements. This also presents an opportunity to offer placements and apprentice programmes, which can help fill in the gap in the workforce. Outreach programs with colleges and universities can help to train and inspire those in entry-level jobs to develop the most in-demand skills.
Thirdly, security professionals should also be trained in improving their soft skills, including interpersonal skills such as negotiations, time management and networking. Over a decade ago, the focus was largely solely on honing technical skills. Today, however, the security team has to work collaboratively with the executive leadership and communicate effectively with non-technical colleagues to make them understand the world of cyber risks, thereby highlighting the need for soft skills.
Bridging Gap & Enabling Richer Careers
Research shows that the Indian cybersecurity market share is projected to reach $17.7 billion, with a projected compound annual growth rate (CAGR) of 15.61 per cent by 2033. Looking further ahead, new roles such as resilience strategist, cyber risk modeller, orchestration manager, behavioural analyst, and AI ethicist, are evolving that may not even exist today.
As cyberspace evolves, so will the job roles that the security teams need to perform. The focus will be more on strategic issues involving threat assessment, awareness training, and business alignment, rather than performing the type of repetitive tasks that can be done via AI or predictive analytics. This type of work needs new skill sets such as understanding how large language models work, how they can be trained, how to program them, etc. There is also a need to build awareness of and proficiency in security concepts in connection with the cloud, the Internet of Things, and AI. Today, cyber security professionals are gaining immense importance and have earned enhanced visibility at the workplace. This is largely due to their roles in using cyber security tools to collaborate with businesses for tackling challenges presented by technology. In such a scenario, giving them an opportunity to expand their commercial and strategic skills, will not only help bridge the talent deficit, but also help them build richer careers for themselves.
Author : Akhilesh Tuteja, Partner & National Leader, Clients and Markets and Technology, Media & Telecommunications (TMT), KPMG in India and Global Head – Cyber Security at KPMG
