Cyber Talent Shortage Affects 61% of Companies

A shortage of qualified cybersecurity professionals is forcing employers to explore alternative strategies, such as retraining candidates with transferable skills, reveals the Global Report on Cybersecurity by Hays.

Despite the pressing need, only 5% of cybersecurity budgets are allocated to skills training. With artificial intelligence becoming increasingly vital in cybersecurity, slightly more than half of organizations plan to train their staff in AI. However, many risk falling behind due to inadequate investment in upskilling.

Sixty-one percent of employers facing difficulties in attracting cybersecurity talent cite a lack of qualified candidates as a significant barrier. Given that experienced experts are in short supply, a viable strategy is to hire or retrain potential talent with transferable skills, which can also help organizations that cannot offer competitive salaries to already qualified candidates.

Despite the need, 62% of companies do not have an internal cybersecurity talent development program. Currently, 73% of organizations spend 5% or less of their cybersecurity budget on skills development, and nearly twice as many respondents believe that any additional investment should go toward cybersecurity workforce training rather than other resources.

The primary reason for the difficulty in attracting cybersecurity talent is the lack of qualified professionals in the market. Additionally, the few available candidates often demand salaries that many employers cannot offer. In 2023, nearly half of employers did not increase salaries for their security staff, and only 17% were able to offer increases greater than 10%.

The lack of investment in cybersecurity talent and equipment appears to persist, with 72% of leaders concerned about their budget in 2024, up from 68% last year. While 54% of respondents expect an increase in their spending allocation, attracting and retaining qualified professionals with monetary benefits will become more challenging. Therefore, developing non-traditional talent emerges as a more viable alternative for employers in 2024.

AI Impact on Employment

Although 89% of respondents see AI as a useful tool for improving safety, only 36% of leaders predict that automation will cause a loss of jobs by 2026. This view suggests that AI will be integrated primarily to support professionals rather than replace them, underscoring the importance of upgrading skills and training in these technologies.

However, the implementation of these tools is lagging. Only 57% of organizations plan to train their cybersecurity staff in AI in the next year, while a quarter of leaders do not contemplate such training. This lag can leave companies at a disadvantage against cybercriminals who use AI to exploit vulnerabilities.

Global Outlook

Globally, the outlook for the impact of AI on employment and cybersecurity varies considerably across regions. In Australia, for example, despite an increase in cybersecurity headcount by 2023, only 40% expect an increase in their budget by 2024, which contrasts with 54% globally. Furthermore, budget concerns are lower compared to the global average, suggesting a relatively optimistic attitude toward cybersecurity investment.

In contrast, countries such as Japan and Singapore exhibit much greater concerns about the impact of AI on the workforce and training in AI tools. In Japan, 74% of respondents did not offer salary increases in 2023, and only 34% plan to train their staff on AI tools in the next year, much lower than the global average. Singapore also shows high concern about AI attacks and a low level of training in AI tools, with only 20% training their staff compared to 32% globally.

On the other hand, Latin America faces particular challenges in attracting cybersecurity talent. The lack of qualified candidates is a major concern, and many organizations are considering in-house training and retraining as viable solutions. However, investment in these programs remains low compared to other regions, which could limit companies' ability to adapt quickly to new threats.

In response to these challenges, the European Union has proposed an AI Act regulation requiring compliance with strict conditions for high-risk systems, including risk management, testing, and monitoring.