Viorel Sima - Fotolia
Nearly 40% of European firms want to grow their cyber security teams by at least 15% in the next year, according to the latest report based on the 2017 Global Information Security Workforce Study.
The study, commissioned by information security certification body (ISC)2, is based on a survey of 19,000 cyber security professionals around the world, including nearly 3,700 respondents in Europe.
Although European organisations have the most ambitious hiring targets in the world, two-thirds say they currently have too few cyber security professionals.
Europe faces a projected skills gap of 350,000 workers by 2022, according to the report, which calls for employers to do more to embrace newcomers and a changing workforce.
The study revealed that 92% of hiring managers admit they prioritise previous cyber security experience when choosing candidates, and that most recruitment comes from their own professional networks.
Hiring managers also admitted that they are relying on their social and professional networks (48%), followed closely by their organisation’s HR department (47%), as their primary source of recruitment.
Globally, the report shows that strong recruitment targets, a shortage of talent, and disincentives to invest in training are contributing to the skills shortage, with 70% of employers around the world looking to increase the size of their cyber security staff this year.
The demand is set against a broad range of security concerns that continue to develop at pace, the report said, with the threat of data exposure clearly identified as the top security concern among professionals around the world.
Concern over data exposure is linked to new regulations aimed at enhancing data protection around the world, including Europe’s General Data Protection Regulation (GDPR).
Read more about information security skills
- A failure to include women in cyber security recruitment campaigns, the continued focus on technical skills and a gender pay gap is exacerbating the cyber security skills shortage, say industry experts.
- Anti-millennial recruitment stance will widen cyber security skills gap, experts warn.
- Companies struggling to fill infosec roles should focus on finding people who can do what they need, not qualifications, according to a security industry panel.
- Information security professionals need to grow their skills, engage with the business, increase security awareness, set business goals and tailor their messages, says a panel of experts.
The deadline for compliance with the GDPR is 25 May 2018. After that date, organisations found in breach of the regulation faces fines of up to €20m or 4% of global turnover, whichever is greater.
The report describes a revolving door of scarce, highly paid workers with an unemployment rate of just 1% in Europe.
Organisations are struggling to retain their staff, with 21% of the global workforce saying they have left their jobs in the past year, and facing high salary costs, with 33% of the workforce in Europe in particular making more than $100,000 (€95,000/£78,000) a year.
“The combination of virtually non-existent unemployment, a shortage of workers, the expectation of high salaries, and high staff turnover that only increases among younger generations creates both a disincentive to invest in training and development and a conundrum for prospective employers of how to hire and retain talent in such an environment,” the report says.
The report recommends that organisations adapt their approach to recruitment and draw from a broader pool of talent. This is backed by findings that show workers with non-computing-related backgrounds account for nearly one-fifth of the current workforce in Europe and that they hold positions at every level of practice, with 63% at manager level or above.
The report also highlights a mismatch between the skills recruiters are looking for and workers’ priorities for developing a successful career, suggesting skillsets may not be keeping pace with requirements.
Currently, the top two skills workers are prioritising include cloud computing and security (60%) and risk assessment and management (41%), while employers prioritise looking for communication (66%) and analytical skills (59%). Only 25% and 20% of workers are prioritising communication and analytical skills, respectively.
Other recommendations include:
- Looking beyond social and professional networks as the main channel of recruitment to open doors for new, younger and more diverse talent.
- Accepting the need to invest in development and training because more talent is needed to stem the high levels of movement on job markets.
- Better communication of current employer requirements because workers prioritise different skills for their professional development than what employers look for in the workforce.
Adrian Davis, managing director for Europe, the Middle East and Africa at (ISC)2, said: “There are real structural concerns hampering the development of the job market today that must be addressed.
“It is particularly concerning that employers appear reluctant to invest in their workforce and are unwilling to hire less-experienced candidates. If we cannot be prepared to develop new talent, we will lose our ability to protect the economy and society.”