I spend a lot of my time helping larger companies refactor themselves to meet the challenges of the 21st century. In the early 2000s it was the web, in the late 2000s it was cloud and consumerization, which led quickly on to Big Data. These topics dominated many conversations I’ve had in boardrooms, C-suites and more than a few dinners. In all of those cases, the executives sitting across from me, to a person, were struggling to map something technical, something complicated to their existing worldview. Some succeeded, more than a few failed, and as we see today, the business landscape looks radically different.
Today, those conversations have pivoted towards cybersecurity, but in this case, there’s a much bigger issue staring these executives in the face — finding the people to do the work. Currently, the unemployed cybersecurity workforce sits at 0% and estimates put the number of unfilled rolls in excess of 3 million (registration required) by 2021, up from 2 million next year.
A recent survey of chief information officers (CIOs) showed some disturbing results. Only 10% of CIOs reported cybersecurity as a top business priority, less than 35% felt that their business viewed it as a “cost of doing business” and only 37% of CIOs considered it a core capability of success. Conversely, it is a constant board of directors level conversation, with current models (registration required) showing the average cost of a breach to be over $3.5 million, tracking upward significantly to $40 million if 1 million customer records are compromised.
In a market expected to approach $1 trillion over the next five years, it is amazing to me that we have yet to build a pipeline for identifying potential staff, training, hiring and growing in roles toward the chief security officer role.
Frankly, I am amazed that some of these following questions are still being asked:
• Does the company have a true cybersecurity strategy?
• Does the company have a realistic understanding of the cyber ecosystem, people, processes and technologies?
• Does the company have a clear understanding of the evolving nature of this market?
• Do the talent acquisitions teams have the skills to recruit, attract, hire and support cybersecurity hires?
• Does the company have a plan in cases where a breach occurs?
There is an upside — unlike companies that launched into this conversation three or more years ago, a much broader ecosystem of partners exists. From specialty technology groups to strong teams inside of existing information technology service providers to niche cybersecurity services groups to strong executive recruiting groups, the entry points are now much easier and much less expensive.
Coming back to this evolving conversation, the rising threats are not going away any time soon. As artificial intelligence and automation continue their never-ending push to integrate, drive efficiencies and accelerate the digital transformation journey, there is a need to quickly close these cybersecurity gaps. Most organizations need outside help to move forward. My biggest recommendation for any group is to find a strong outside partner who can speak to the board, the C-suite and the operational staff to build a cohesive strategy, execute it and measure the results.
Cybersecurity needs to move from being a cost of doing business to being a strategic value to the organization. Find the partners that accelerate your change and give you access to the executive resources you need, when you need them — quickly.