Skip to main content

Finding cybersecurity talent in an altered world

Since the onset of the pandemic, attracting and retaining top-quality talent has become a common plight for many organisations across the world. In the cybersecurity space, however, this shortage can have debilitating effects. With rapid advancements in technology and the mounting sophistication and proliferation of cyber threats, large organisations, such as financial services institutions, require high calibre cybersecurity capabilities to avert financial and reputational repercussions. While a shortage in cybersecurity talent is by no means universal, in certain geographies the talent pool can be incredibly shallow—and the war for that talent incredibly fierce.

Not only will organisations have to cast a wider net in their recruitment efforts, but they must play a role in attracting and training people to enter the profession.

What’s behind the cybersecurity talent shortage?

To collectively resolve the cybersecurity talent shortage, it can be helpful to understand why it exists in the first place.

  • Insufficient educational programmes - In many parts of the world, cybersecurity is a component of technically-focussed college-level IT programmes—and is treated as a skill-based course individuals can take after they earn their degree. In some jurisdictions, you can obtain a standalone certification in cybersecurity, but it’s not considered a university programme.
  • Misperceptions about the industry - As cyber threats have evolved so, too, has cybersecurity—and, as a result, the awareness level around what this profession entails varies greatly. Many senior leaders, for instance, still believe cybersecurity is primarily a highly technical profession and aren’t aware that it can also include many non-technical roles
  • Cultural barriers - Misperceptions around cybersecurity impacts the number of people pursuing such careers as well as the types of people organisations hire. But these misperceptions are by no means universal and differ from country to country.
  • Working conditions - In some jurisdictions, cybersecurity has a reputation for being a low-paying job with long hours and few opportunities for career advancement. In a recent Deloitte survey, 27% of respondents acknowledged that the cybersecurity profession lacks clearly defined career paths, 23% said they lacked learning and development opportunities, and 30% felt compensation and incentive plans weren’t keeping pace with the market
  • Gender inequality - Like many Science, Technology, Engineering and Math (STEM) workforces, cybersecurity is predominantly male dominated, resulting in a self-perpetuating gender gap. Due to gender inequality in the field, many women drop out of STEM programmes before ever entering the job market.

Closing the gap

While many organisations across the globe are grappling to find adequate cybersecurity talent, a small fraction are beginning to differentiate themselves in the marketplace.

  • Get more involved in academia - Right now, academia tends to treat cybersecurity as a supplemental skill—something you acquire after a degree—rather than a Tier 1 educational programme. To deepen the cybersecurity talent pool, this must change.
  • Broaden your horizons - Successful cybersecurity teams are strengthened when team members have diverse disciplinary backgrounds. As such, it makes sense to broaden recruitment efforts and introduce cybersecurity to individuals who may not view it as a traditional career option.
  • Challenge misconceptions - If cultural barriers and misconceptions are preventing individuals from applying for cybersecurity roles in your region, it may be time to explore the root cause of those barriers and devise a marketing strategy to overcome them. This will involve reflecting on the needs of the local talent pool, their perception of your business and the talent narrative you’re telling.
  • Explore new geographies - While some major cities struggle with talent shortages—particularly where large banking centres, technology hubs and public sector organisations are located—there are countless smaller cities that have a wealth of idle talent. By building capability in smaller suburban areas, organisations may find they have the pick of a wider talent pool.

How Deloitte attracts top cybersecurity talent

  • Internship programmes and sponsorships - In Australia, Deloitte partnered with the state government to sponsor a cyber academy. Through this programme, the government subsidises approximately 40 university students each year to work with Deloitte and our clients and acquire valuable hands-on cybersecurity experience.
  • Professional training bootcamps - The Deloitte office in Brazil recently completed its second cybersecurity bootcamp. Through this programme, Deloitte Brazil provides cybersecurity training to a few hundred professionals.

The path forward

Finding cybersecurity talent is challenging for many organisations right now—but, contrary to popular belief, the problem isn’t only a talent shortage. Rather, it’s how organisations approach the talent search and how they’re defining the ideal cybersecurity job candidate.

To learn more about how Deloitte can help you build effective cybersecurity teams, contact us.

Nick Seaver

Partner - Deloitte UK

Cyber and Strategic Risk

Steve Rampado

Partner - Deloitte Canada

Cyber and Strategic Risk

Ari Davies

Partner - Deloitte Japan

Cyber and Strategic Risk

Dinesh Santhiapillai

Partner - Deloitte Australia

Cyber and Strategic Risk

Eder de Abreu

Partner - Deloitte Brazil

Cyber and Strategic Risk

Did you find this useful?

Thanks for your feedback

If you would like to help improve further, please complete a 3-minute survey