The distress in the cybersecurity industry is deepening. Finnish organizations are now facing increasing cyber threats, and news reports appear almost weekly about how companies are targeted by denial-of-service attacks, data breaches, and attempts to spread ransomware. The rising threat level has become a permanent risk to the security of companies and society, but at the same time, the cybersecurity industry suffers from an acute and, above all, global talent shortage that significantly slows down the growth of the sector.
What explains this situation and how could the problem be solved? And what happens if enough experts cannot be found?
Read more below and delve into the dimensions of the industry!
Demand for experts has exploded
According to the Digital Defense Report commissioned by Microsoft in autumn 2023, the demand for cybersecurity jobs is predicted to rise globally to as many as 3.5 million by 2025. This means an incredible 350% growth compared to 2018. Nico Tarvonen, who works as a Sales Project Manager at Academic Work Academy, describes the current situation in the industry as challenging.
“Both globally and here in Finland, geopolitical risks have increased significantly in recent years. This means that as the general threat level has risen, more experts in the field are also needed.”
In addition, Microsoft names insufficient training and certification programs in the field as one of the factors explaining the talent shortage globally in its study.
At the Finnish level, the immediate need for the cybersecurity industry in the labor market is 6,000–10,000 people. This is evident from the statement by the Finnish Information Security Cluster (FISC), the umbrella organization for the cybersecurity industry, which proposes solutions for managing the talent shortage. At the European level, the need for experts in the field is at least hundreds of thousands.
At the same time, the cybersecurity industry and its skill requirements are developing at a staggering pace, partly due to technological development. This pace of change and development requires even more versatile skills from workers: technical mastery alone is not enough, as strategic and business understanding, among other things, are becoming increasingly central. It is clear that this also makes recruiting experts challenging for employers.
What is FISC?
FISC, or the Finnish Information Security Cluster, brings together organizations and companies in the cyber and information security industry and acts as an advocate for the sector. Academic Work Academy is a member of the network and involved in influencing the growth and development of the industry and making the field visible.
Business life, authorities, and the third sector desperately need new cyber professionals. This is evident from a study on the change needs of the cybersecurity training program commissioned by the Ministry of Transport and Communications from the University of Jyväskylä, according to which 73% of respondents in a survey originally conducted by the Ministry of Transport and Communications see a significant talent shortage in the cyber field in their organizations. Almost all respondents would take on new professionals if they could only get them.
“In Finland, the group of information security experts is still quite small, so the explosive growth in demand for experts on a fast schedule is currently challenging companies in recruiting talent. In practice, the situation is that everyone is recruiting skilled labor at the same time right now,” Nico from Academy summarizes the situation.
Strengthening and diversifying training opportunities as a solution
Industry players, companies, and educational institutions have quickly woken up to the situation and started looking for solutions to the talent shortage. For example, Microsoft suggests strategic partnerships with educational institutions, non-profit organizations, governments, and companies as a solution to the talent shortage in its study. Furthermore, according to FISC, reskilling and upskilling would offer significant opportunities for managing the cybersecurity talent shortage, as they allow for a more agile response to the immediate skill needs of employers. At the same time, they can help, for example, those planning a career change to find employment in a field where there is a demand for experts.
Academic Work Academy is pleased that educational institutions have also woken up to this challenge and that, in cooperation with various actors, different solutions to the common problem can be considered.
“It is great that we at Academy are part of this solution and can do our part by bringing agile and fast practical expertise to the labor market, which our customers operating in the cyber field, for example, need,” Nico describes.
Although the Academic Work Academy pedagogical training model relies heavily on learning through practice and is valued among client companies operating in the information security sector, it is good to remember that academic university degrees and the Academy accelerated learning model do not compete with each other but are complementary channels aiming for the same goal – training new experts.
“In solving the talent shortage, different types of training should support and complement each other. We have agreed with our customers that different options are needed alongside traditional ways of training. A job seeker does not necessarily need to have a specific university degree or any other traditional background to be a relevant candidate,” Nico reminds and continues:
“In modern times, learning is lifelong, and new expertise can be acquired in many different ways during a career. Career and field changes are of interest in Finland, and I am particularly excited that we are at the center of this. This is a clear win-win, and I feel that the meaningfulness of my work is at its peak.”
What is Academy?
Academic Work Academy is a recruiting training concept that connects employers suffering from a talent shortage with motivated career changers who have a proven ability to learn. Graduates from the trainings include application and cloud developers, cybersecurity experts, automation designers, and system specialists. In Finland, we have already trained dozens of cyber professionals for tasks such as consulting and SOC Analyst roles. We are constantly planning new cybersecurity trainings.
Cybersecurity industry needs diversity
The IT industry needs more diversity, meaning more people of different ages, experts of different levels, people with different backgrounds, and gender diversity – and the cyber industry is no exception! According to Microsoft's study, the lack of diversity in the global cyber industry labor market further complicates the talent shortage. Globally, women make up only 25% of the workforce in the cyber field according to the study, so involving women is crucially important.
Diversity of experts is needed because modern cyber threats are also diverse. The industry needs different types of people to identify threats, develop operating methods, and prevent threat situations. People who can approach suspicious things with healthy distrust but without fear are likely to thrive best in the cyber field, as the ability to identify threats and put them into the right proportions is key. In such industry situations, the employee's interaction skills also become particularly important. Other desired qualities for an expert seeking to enter the cyber field are a genuine interest in the industry and the ability and strong motivation for learning.
“Learning ability is undoubtedly the most important currency for a job seeker right now, and for example, our client companies especially value the skill to understand and apply complex information.” “Versatile expertise, genuine motivation for the industry, and different backgrounds help the field continue to develop,” Nico continues.
No company is safe
Information security experts are needed in all sectors of business, and no field is safe from different levels of cyberattacks or attempts at them. The most critical are, of course, large companies and those related in some way to Finland's security of supply, because if these are targeted by a cyberattack, the effects on the entire society can be extensive.
“It is unfortunate that budgets reserved for ensuring the information security of companies are still insufficient in many places, and cybersecurity is currently seen mainly as a cost item rather than an investment. The situation is problematic because if a cyberattack occurs, the actual costs can easily rise to millions, even though a major financial loss could have been avoided by investing in information security expertise. Anticipating threats and the courage to invest are things that must be focused on in the future.”
And what happens if enough experts in the field are not found? If all other means, such as training new experts or bringing in talent from abroad, have already been used, ultimately the only option is to prioritize the most critical parties for the security of supply over other companies.
“For example, investing in operational technology (OT) will become even more important in the future for ensuring the security of supply. That is why we are constantly considering training solutions related to OT as well, because clearly the need for experts in this area is also growing,” Nico summarizes the future prospects of the cyber field.
Sources:
- Kyberturvallisuuden koulutusohjelman muutostarpeiden tutkimus – hankkeen loppuraportti. Jyväskylän yliopisto.