2016 saw a lot of discussion around the topics of state sponsored hacking, government surveillance and digital transformation. A broad term to group these discussions could be cybersecurity – once a fledgling field of minimal expertise usually undertaken by network engineers as a side job.
That was a decade ago, because as of now the industry is worth around US$ 75 billion and that is forecast to grow to US$ 170 by the year 2020. Where cybersecurity was once reserved for tech companies with a plethora of online representations, it is now an element of business in every market, country and sphere of life.
As the world as a whole has undergone the ‘digital transformation’, forcing companies to evolve and change their corporate culture, cybersecurity now affects everyone, everywhere. The importance of cybersecurity can be highlighted by discussions in the SEC to require public companies to disclose information about their cybersecurity measures and even if any of their directors have extensive experience in cybersecurity.
The boom in this highly technical and skilled industry has followed previous tech booms in how the demand for the skills needed for cybersecurity has far outweighed the supply of those skills from universities and colleges. Institutions of education and even the government are left playing catch up to try and fill vacancies in a wide-open cybersecurity market.
The pull of high paying, stable jobs with huge possibility of upward mobility has done and will continue to do little to solve the problem as a ‘one graduate, one job’ approach will fall far short of the number of openings in the field. It is estimated that globally, in 2017, there are 1 million job openings in the cybersecurity field, with over 200,000 of those in the US alone.
What has caused the dramatic vacancies and lack of skills?
It is hard to blame any one person or any one institution for not foreseeing the meteoric rise of the cybersecurity market and the demand for skills this rise will have because the technological space is notoriously fast-moving and unpredictable.
The cyclical nature of jobs/skill supply will always lag the industry as a whole. This was seen in financial jobs in the early 2000s and in the greater tech space at the same time. Cybersecurity was previously seen as a branch under the broader tech sphere, which meant that companies would delegate cybersecurity responsibilities to their software engineers, web designers and general technological analysts.
Only recently has the demand for highly specialized jobs in cybersecurity come to the fore. In the past, the digital footprint of companies was largely limited to their websites and maybe some sort of ERP that they used internally, but now digital touches all parts of the company. Employee data, customer data, transactional data and proprietary research all have to be secured and protected from the rising tide of hacks and breaches.
The demand for these jobs is spurred by this digital shift that has come across all companies at a similar time. All the way from low level analysts to senior advisors and even Chief Information Officers, the vacancies are obvious.
What this means for business
Businesses across the world are struggling to fill all levels of jobs, with higher levels proving to be particularly hard because of the lack of industry experts in a relatively new field. This has driven up median entry level salaries to around US$ 80,000 and mid-level jobs to just over US$ 100,000. This should help attract more college students and computer science majors to enter the field of cybersecurity but will not solve the problem alone.
Government initiatives aimed at raising awareness and excitement about the field have been started at a high school level. By increasing young people’s exposure to cybersecurity and the prospects of this fast-growing and developing market, they aim to generate an organic growth in job seekers.
Business initiatives are largely aimed at clearly defining and clarifying the roles and responsibility of positions within companies for cybersecurity. This will better help differentiate the jobs from other tech-related jobs and help raise awareness about the potential of a career in cybersecurity.