Every organization has different needs. For example, a power company in the American Midwest faces different challenges around retaining talented cyber professionals than a high-tech firm in Silicon Valley. By recruiting from local universities, organizations can feed their specific talent pipeline. This benefits the company, the school and the local community, important factors for creating a sustainable business. Furthermore, providing employees with continuous education opportunities creates a clear and attainable career path, which is a powerful tool for both recruiting and retention.

It’s also important to remove the “technical” label from cyber work, which can result in women with the right education and experience shying away from the field. The “technical” label is one of the reasons why women make up half of the college educated workforce in the United States, but only 28 percent of the workforce in science, technology, engineering and math (STEM)-related fields. In the context of cyber, women with legal, business and regulatory expertise can all play important roles, increasing the pool of potential employees, supporting the closure of the talent gap.

Perhaps Astrid Lindgren wrote it best in her classic children’s book Pippi Longstocking when Pippi said, “I have never tried that before, so I think I should definitely be able to do that.” While some women may not feel that they have the appropriate skillsets, privacy and cyber are so diverse that their skills are actually essential for a sustainable and high-functioning cyber working environment. However, this needs to be communicated effectively to them, in order to create a broader, more diverse talent pool.

Cyber leaders can make sure the team’s mission is always the focal point for its activities. With security and privacy so closely intertwined, a mission-focused team ensures that all parties work together. Someone with a technical background may think about data protection from a technical perspective. However, on the privacy end of things, an employee with a legal background may think about how the data should be protected to avoid compliance violations. While both parties are focused on the same objective - reducing data risk - they are approaching it from different perspectives. In order to truly mitigate data risks, both perspectives must be considered, making sure data is secure and compliant (which are not the same thing).

Combining skillsets and responsibilities in this fashion, when done consistently, can improve staff morale and retention, mainly because workers feel like they serve a common goal and are delivering value to the business. Over time, this helps to create the type of cyber culture that people want to join, and don’t want to leave, which is an important step to relieving the strain of the talent gap.

When cyber professionals view themselves as part of a cost center, they might not recognize the value they add, or feel they have job stability, especially during challenging economic times.

This problem can be tackled if cyber professionals understand how their work translates to responsible business and revenue. This can generate greater morale and enthusiasm when compared to the “cost center mentality.” In today’s environment, cyber is not a cost center, it is a strategic component of enterprise risk management and a business enabler. When it is positioned as such to employees, they will understand that the company values cyber and see a career ladder to scale.

This perception should be projected throughout the organization. Everyone should view the cyber team as a critical component to the business, just like they do the sales or marketing teams.

Cyber teams have experienced a spike in activity since COVID-19 hit, with threat actors taking advantage of the pandemic and companies transforming overnight into “work from home” enterprises. According to a Forbes report, Microsoft detected nearly one million COVID-19 themed attacks per day during the first week of March. And for privacy professionals in particular, government and other organizations have been processing tremendous amounts of health data this year, putting a spotlight on privacy and making it mission critical to business operations.

The reality is, cyber teams understand that a single mistake can cause tremendous damage to the company, and that’s enough to keep them awake at night, often working long hours to make sure nothing slips through the cracks. It’s important for organizations to let cyber teams know their efforts are appreciated, and that properly managing the stress from the job should be a priority.

Closing the cyber talent gap is important, but also time consuming because more people and technology need to be involved. By taking proactive steps to create an attractive, inclusive, and sustainable cyber culture, organizations can accelerate this process while also becoming a magnet for attracting top talent.