Is the Cybersecurity Talent Crunch Finally Taking Its Toll?

by Sandeep Bhargava, SVP, Global Services and Solutions, Public Cloud Business Unit, Rackspace Technology

In today’s digital era, cybersecurity mirrors a high-stakes chess game. The evolving landscape forces companies, much like players, to adapt to the prevailing conditions. Sure enough, advancements in artificial intelligence (AI), for example, have complicated matters, with 72% of Asia Pacific’s C-suite telling Rackspace Technology that they needed to beef up cyber defences.

The analogy extends even to the current talent crunch which organisations are facing. Indeed, just as a player must pivot and rethink strategy after losing a key piece, organisations too must do the same. The urgency of addressing the lack of expertise cannot be overstated, as it was cited as the top area of concern for nearly half of organisations surveyed by Rackspace Technology last year.

However, this is aggravated by the fact that the hiring environment today is ultra-competitive and high turnover could spell disaster. There is hardly a wealth of available talent for roles like architects and compliance advisors, for instance, and this shortage is particularly acute for smaller businesses.

Unravelling Cybersecurity’s Future
While plugging the cybersecurity skills gap looks set to loom large for the future, that does not indicate all is lost. As the threat landscape continues to evolve, the demand for adept cybersecurity specialists will continue to surge. This will create robust job prospects for the future, which will encourage more individuals – including those from previously marginalised groups – to venture into this field and meet the burgeoning demand. Meanwhile, upskilling or a career pivot from those in related fields, like data science, can help organisations foster the kind of workforce that lives and breathes security.

However, that doesn’t quite solve the issue in the near term. Even with an increasing influx of talent, the transition from entry-level roles to senior leadership positions remains a prolonged journey, often spanning years. Consequently, the industry finds itself with a substantial pool of junior professionals and a comparatively smaller cohort of highly skilled, senior-level experts. This asymmetry means organisations will have to look to partnerships with experts who can help them plug the gaps and build up their arsenal.

Crucially, for both the near and long term, Malaysian organisations need to know how to invest strategically. For the former, it is crucial to ensure they are equipped with the latest tools to handle current threats. For example, AI innovation raises new risks but – as Communications and Digital Minister Fahmi Fadzil said – it also opens new avenues to better manage the lack of experts. In the long run, a well-thought-out allocation plan enables organisations to nurture an environment where their current talents can grow by delving into emerging domains. In fact, this opens up avenues to develop and tailor training to organisational needs, because as the saying goes, if you think education is expensive, try ignorance. Here, existing leaders can take charge and craft a training plan that blends security imperatives with individual learning paths, ensuring mutual upskilling and strategic growth. Indeed, it will come as no surprise when companies that put off investment aligned with skills building lose people to organisations that do prioritise security innovation.

Building Cyber Resilience
In the past decade or so, security budgets were often relegated to an afterthought. The lion’s share of attention was placed on IT infrastructure and applications. Naturally, this oversight led to inadequate security measures leaving organisations vulnerable to breaches. However, perhaps less obvious, has been how this lack of investment has stunted the growth of skilled talent. But as this truth becomes more evident, organisations are shifting priorities to be more resilient.

Putting this newfound realisation into practice rests on expanding security so that it is not just the responsibility of one department. The savvy Chief Information Security Officer (CISO) will deputise their peers to drive security best practices.

Security leaders will also benefit from advancing other departments’ IT strategies by leveraging security dollars to help fund platform, data and application initiatives that can meaningfully lower risk and technical debt. Innovative investment means that security is baked into all strategic initiatives and not just another tool to overlay or restrictive workflow. This will help local businesses prioritise security and staffing issues in equal measure so that they can keep making progress and focusing on building secure systems.