Skip to main content

Finding cybersecurity talent in an altered world

Since the onset of the pandemic, attracting and retaining top-quality talent has become a common plight for many organizations across the world. In the cybersecurity space, however, this shortage can have debilitating effects. With rapid advancements in technology, and the mounting sophistication and proliferation of cyber threats, large organizations, such as financial services institutions, require high caliber cybersecurity capabilities to avert financial and reputational repercussions. While a shortage in cybersecurity talent is by no means universal, in certain geographies the talent pool can be incredibly shallow—and the war for that talent incredibly fierce.

Not only will organizations have to cast a wider net in their recruitment efforts, but they must play a role in attracting and training people to enter the profession.

What’s behind the cybersecurity talent shortage?

To collectively resolve the cybersecurity talent shortage, it can be helpful to understand why it exists in the first place.

  • Insufficient educational programs - In many parts of the world, cybersecurity is a component of technically-focused college-level IT programs—and is treated as a skill-based course individuals can take after they earn their degree. In some jurisdictions, you can obtain a standalone certification in cybersecurity, but it’s not considered a university program.
  • Misperceptions about the industry - As cyber threats have evolved so, too, has cybersecurity—and, as a result, the awareness level around what this profession entails varies greatly. Many senior leaders, for instance, still believe cybersecurity is primarily a highly technical profession, and aren’t aware that it can also include many non-technical roles
  • Cultural barriers - Misperceptions around cybersecurity impacts the number of people pursuing such careers as well as the types of people organizations hire. But these misperceptions are by no means universal and differ from country to country.
  • Working conditions - In some jurisdictions, cybersecurity has a reputation for being a low-paying job with long hours and few opportunities for career advancement. In a recent Deloitte survey, 27% of respondents acknowledged that the cybersecurity profession lacks clearly defined career paths, 23% said they lacked learning and development opportunities, and 30% felt compensation and incentive plans weren’t keeping pace with the market
  • Gender inequality - Like many Science, Technology, Engineering, and Math (STEM) workforces, cybersecurity is predominantly male dominated, resulting in a self-perpetuating gender gap. Due to gender inequality in the field, many women drop out of STEM programs before ever entering the job market.

Closing the gap

While many organizations across the globe are grappling to find adequate cybersecurity talent, a small fraction are beginning to differentiate themselves in the marketplace.

  • Get more involved in academia - Right now, academia tends to treat cybersecurity as a supplemental skill—something you acquire after a degree—rather than a Tier 1 educational program. To deepen the cybersecurity talent pool, this must change.
  • Broaden your horizons - Successful cybersecurity teams are strengthened when team members have diverse disciplinary backgrounds. As such, it makes sense to broaden recruitment efforts and introduce cybersecurity to individuals who may not view it as a traditional career option.
  • Challenge misconceptions - If cultural barriers and misconceptions are preventing individuals from applying for cybersecurity roles in your region, it may be time to explore the root cause of those barriers and devise a marketing strategy to overcome them. This will involve reflecting on the needs of the local talent pool, their perception of your business, and the talent narrative you’re telling.
  • Explore new geographies - While some major cities struggle with talent shortages—particularly where large banking centers, technology hubs, and public sector organizations are located—there are countless smaller cities that have a wealth of idle talent. By building capability in smaller suburban areas, organizations may find they have the pick of a wider talent pool.

How Deloitte attracts top cybersecurity talent

  • Internship programs and sponsorships - In Australia, Deloitte partnered with the state government to sponsor a cyber academy. Through this program, the government subsidizes approximately 40 university students each year to work with Deloitte and our clients and acquire valuable hands-on cybersecurity experience.
  • Professional training bootcamps - The Deloitte office in Brazil recently completed its second cybersecurity bootcamp. Through this program, Deloitte Brazil provides cybersecurity training to a few hundred professionals.

The path forward 

Finding cybersecurity talent is challenging for many organizations right now—but, contrary to popular belief, the problem isn’t only a talent shortage. Rather, it’s how organizations approach the talent search and how they’re defining the ideal cybersecurity job candidate.

To learn more about how Deloitte can help you build effective cybersecurity teams, contact us.

Nick Seaver 

Partner - Deloitte UK

Cyber and Strategic Risk

Steve Rampado 

Partner - Deloitte Canada

Cyber and Strategic Risk

Ari Davies

Partner - Deloitte Japan

Cyber and Strategic Risk

Dinesh Santhiapillai 

Partner - Deloitte Australia

Cyber and Strategic Risk

Eder de Abreu 

Partner - Deloitte Brazil

Cyber and Strategic Risk

Did you find this useful?

Thanks for your feedback

If you would like to help improve further, please complete a 3-minute survey