Anti-millennial recruitment stance will widen cyber security skills gap, experts warn

Latest Global Information Security Workforce Study suggests infosec experts remain in short supply, and UK PLC’s reluctance to hire millennials means things are unlikely to improve

The global shortage of cyber security professionals appears to be worsening, with the latest figures suggesting 1.8 million information security-related roles will remain unfilled worldwide by 2022.

That’s according to the Center for Cyber Safety and Education’s eighth Global Information Security Workforce Study (GISWS), which features responses from 19,000 cyber security professionals from around the world.

The projected 1.8 million shortfall in cyber security professionals is 20% higher than a five-year forecast previously published by the organisation in 2015.

Of the respondents, around 1,000 are from the UK and work in financial services, government and at multinational corporations, with 66% confessing that their companies do not have enough information security (infosec) personnel on their books to meet their needs.

The research also takes a look at the economic impact the dearth of infosec professionals in the wider UK IT jobs market is having, with three-quarters of security professionals being paid more than £47,000 a year.

As such, 46% of respondents said the lack of cyber security-skilled workers is contributing to the onset of data breaches at their organisation, while the same percentage said they planned to expand their cyber security workforce by more than 16%, but the skills gap is making it difficult to do so.

Given the current state of their cyber security workforce, 22% of respondents said it would take them around eight days to recover from a data breach and report it, which – under the terms of the forthcoming European Union (EU) General Data Protection Regulation (GDPR) – could put them at risk of sanctions.

When it comes to closing the skills gap, the report suggests targeting millennials should form a “critical” part of the recruitment process for UK businesses, but – at present – just 12% of the cyber security workforce is under 35.

Furthermore, just 6% of UK respondents said hiring university graduates will play a role in their cyber security recruitment plans, hinting at a reluctance in firms to hire millennials.

The data reinforces this view, with 93% of UK respondents indicating a preference for people with prior cyber security experience, which would exclude people attempting to break into the industry for the first time.

Adrian Davis, managing director for Europe, the Middle East and Africa at non-profit security professionals association (ISC)², which sponsored the report, said UK PLC’s reluctance to hire millennials means companies could be storing up even more trouble for themselves later down the line.

“A continuing industry refusal to hire people without previous experience, and a failure to hire university graduates, means Britain is approaching a security skills ‘cliff edge’ due to the perfect storm of an ageing cyber workforce going into retirement and long-term failure to recruit from the younger generation,” he said.

“We need to see more emphasis on recruiting millennials and on training talent in-house rather than companies expecting to buy it off-the-shelf. There is a need to nurture the talent that is already in this country and recruit from the fresh pool of talent that is graduating from university.”

Lucy Chaplin, manager at KPMG’s Financial Services Technology Risk Consulting division, said prioritising experience over a willingness to learn means companies could be inadvertently contributing to increasing their staff turnover rates.

“We find that hiring and training inexperienced people pays off in better retention rates and a more diverse workforce,” she said.

“We recruit for attributes, such as analytical skills, rather than experience. Almost 50% of our new graduate hires are women, most of them with no previous industry experience.”
