In today’s digital world, technology impacts all organisations and businesses. This necessitates continuous improvement of businesses’ cyber capabilities, creating an unprecedented demand for cybersecurity professionals.

Our survey indicates that it is not a concern for Danish organisations and businesses to retain and develop cybersecurity professionals, yet it appears more difficult to attract them in the first place.

What does the survey show?

The fierce competition for cybersecurity capabilities becomes evident when we ask Danish organisations how easy it is for them to attract the right cybersecurity professionals. On average, 15% of organisations across the FS, ERS and PS indicate that it is easy for them to attract cybersecurity professionals, 64% believe that it is neither easy nor difficult, while 21% believe that it is difficult.

Meanwhile, an average of 29% indicate that it is easy to retain professionals with cybersecurity competencies once they are hired, 62% believe that it is neither easy nor difficult, while 9% state that it is difficult.

Finally, an average of 37% believe that it is easy to help develop the competencies of their cybersecurity colleagues, 51% indicate that it is neither easy nor difficult, while 13% state that it is difficult.

Q: How easy or difficult do you find it to attract/retain/develop employees with competencies withincyber- and information security to/within your organisation?

Sector deep dive

Assessing the data more closely, it seems easier for organisations in the FS to attract the right cybersecurity professionals than for organisations in the PS and ERS. However, organisations in the latter two sectors seem to find it easier to retain and develop their cybersecurity employees.

Deloitte’s perspective

Our survey confirms a rather competitive Danish cybersecurity talent environment. In addition, our qualitative data indicates a limited pool of Danish cybersecurity capabilities, resulting in Danish organisations often searching abroad for the right cybersecurity professionals.

In the sector deep dive, it became evident that the FS appears to have an easier time attracting the right cybersecurity capabilities than the other sectors. Yet, the FS also appears to have the hardest time retaining and developing its cybersecurity talents.

An explanation of this could be that, while organisations in the FS often have more funds to allocate to cybersecurity, organisations in the PS and ERS might be able to offer more fulfilling positions. It has been well documented that especially the younger generations, Millennials and Gen Zs, are increasingly focused on serving a higher purpose through their jobs rather than solely relying on monetary benefits. Especially organisations in the PS and ERS seem to be able to offer these types of jobs. The quotes from the PS and the ERS emphasise the importance of purpose to appear attractive to current and future talents.

Also, more than half of the respondents state that they believe it is neither easy nor difficult to attract, retain or develop the right cybersecurity professionals. Based on the variety of answers, there seems to be great differences in the level of ease with which Danish organisations attract, retain or develop cybersecurity professionals. One explanation for this could be that cybersecurity needs vary greatly among organisations across the different sectors; some need more specialised capabilities than others, who might look for more general skills.

In our experience, it is the deep and specialised cybersecurity skills (e.g. incident response professionals, security architects, C-level strategy consultants) that are hard to find, whereas more general skills within cybersecurity are both easier to find and train.

In summary, the demand for cybersecurity has surged in recent years as the cyber threats have become more frequent and severe. The supply of cybersecurity talents, however, has not grown at the same pace. Professional services firms have helped to bridge this gap to some extent. However, if the gap between supply and demand in cybersecurity capabilities continues to widen, organisations will struggle to keep up with the ever-changing cyber threat landscape.

The bigger picture

Addressing the unprecedented demand for cybersecurity skills
The demand for cybersecurity and information security skills has exploded, causing a shortage of qualified professionals. To solve this problem, organisations are increasingly searching abroad for the cybersecurity capabilities they need.

In a talent environment like this, continuous investment in skills, people and training of employees are key factors in retaining your current personnel, ensuring development of the right skills and creation of an attractive culture that others want to join and stay in.

In particular, employees working at the forefront of businesses’ cyber defences need continuous training through innovative techniques, such as real-life simulations and gamification, to ensure that they keep up with and stay ahead of the cyber threats.

Share this story