Skip to main content
Perspective:
Perspective
5 minute read

Finding cybersecurity talent in an altered world

Since the onset of the pandemic, attracting and retaining top-quality talent has become a common plight for many organisations across the world. In the cybersecurity space, however, this shortage can have debilitating effects. With rapid advancements in technology and the mounting sophistication and proliferation of cyber threats, large organisations, such as financial services institutions, require high calibre cybersecurity capabilities to avert financial and reputational repercussions. While a shortage in cybersecurity talent is by no means universal, in certain geographies the talent pool can be incredibly shallow—and the war for that talent incredibly fierce.

Not only will organisations have to cast a wider net in their recruitment efforts, but they must play a role in attracting and training people to enter the profession.

Download the report
2 MB PDF

What’s behind the cybersecurity talent shortage?

To collectively resolve the cybersecurity talent shortage, it can be helpful to understand why it exists in the first place.

  • Insufficient educational programmes - In many parts of the world, cybersecurity is a component of technically-focussed college-level IT programmes—and is treated as a skill-based course individuals can take after they earn their degree. In some jurisdictions, you can obtain a standalone certification in cybersecurity, but it’s not considered a university programme.
  • Misperceptions about the industry - As cyber threats have evolved so, too, has cybersecurity—and, as a result, the awareness level around what this profession entails varies greatly. Many senior leaders, for instance, still believe cybersecurity is primarily a highly technical profession and aren’t aware that it can also include many non-technical roles
  • Cultural barriers - Misperceptions around cybersecurity impacts the number of people pursuing such careers as well as the types of people organisations hire. But these misperceptions are by no means universal and differ from country to country.
  • Working conditions - In some jurisdictions, cybersecurity has a reputation for being a low-paying job with long hours and few opportunities for career advancement. In a recent Deloitte survey, 27% of respondents acknowledged that the cybersecurity profession lacks clearly defined career paths, 23% said they lacked learning and development opportunities, and 30% felt compensation and incentive plans weren’t keeping pace with the market
  • Gender inequality - Like many Science, Technology, Engineering and Math (STEM) workforces, cybersecurity is predominantly male dominated, resulting in a self-perpetuating gender gap. Due to gender inequality in the field, many women drop out of STEM programmes before ever entering the job market.

Closing the gap

While many organisations across the globe are grappling to find adequate cybersecurity talent, a small fraction are beginning to differentiate themselves in the marketplace.

  • Get more involved in academia - Right now, academia tends to treat cybersecurity as a supplemental skill—something you acquire after a degree—rather than a Tier 1 educational programme. To deepen the cybersecurity talent pool, this must change.
  • Broaden your horizons - Successful cybersecurity teams are strengthened when team members have diverse disciplinary backgrounds. As such, it makes sense to broaden recruitment efforts and introduce cybersecurity to individuals who may not view it as a traditional career option.
  • Challenge misconceptions - If cultural barriers and misconceptions are preventing individuals from applying for cybersecurity roles in your region, it may be time to explore the root cause of those barriers and devise a marketing strategy to overcome them. This will involve reflecting on the needs of the local talent pool, their perception of your business and the talent narrative you’re telling.
  • Explore new geographies - While some major cities struggle with talent shortages—particularly where large banking centres, technology hubs and public sector organisations are located—there are countless smaller cities that have a wealth of idle talent. By building capability in smaller suburban areas, organisations may find they have the pick of a wider talent pool.

How Deloitte attracts top cybersecurity talent

  • Internship programmes and sponsorships - In Australia, Deloitte partnered with the state government to sponsor a cyber academy. Through this programme, the government subsidises approximately 40 university students each year to work with Deloitte and our clients and acquire valuable hands-on cybersecurity experience.
  • Professional training bootcamps - The Deloitte office in Brazil recently completed its second cybersecurity bootcamp. Through this programme, Deloitte Brazil provides cybersecurity training to a few hundred professionals.

The path forward 

Finding cybersecurity talent is challenging for many organisations right now—but, contrary to popular belief, the problem isn’t only a talent shortage. Rather, it’s how organisations approach the talent search and how they’re defining the ideal cybersecurity job candidate.

To learn more about how Deloitte can help you build effective cybersecurity teams, contact us.

Nick Seaver 

Partner - Deloitte UK

Cyber and Strategic Risk

nseaver@deloitte.co.uk

Steve Rampado 

Partner - Deloitte Canada

Cyber and Strategic Risk

srampado@deloitte.ca

Ari Davies

Partner - Deloitte Japan

Cyber and Strategic Risk

ari.davies@tohmatsu.co.jp

Dinesh Santhiapillai 

Partner - Deloitte Australia

Cyber and Strategic Risk

dsanthiapillai@deloitte.com.au

Eder de Abreu 

Partner - Deloitte Brazil

Cyber and Strategic Risk

eabreu@deloitte.com

Did you find this useful?

Yes
No

Thanks for your feedback

If you would like to help improve Deloitte.com further, please complete a 3-minute survey

Your feedback is important to us

To tell us what you think, please update your settings to accept analytics and performance cookies.

Need help updating cookies?

Recommendations

Customers for life

Making the broader case for reframing business purpose through a conduct lens and looking after vulnerable customers.
Perspective
5 minute read

Five essential steps to improve cybersecurity

New Zealand organisations continue to experience cyber threats that hold the potential to disrupt business operations and service to customers. A vast majority of those threats can go undetected, or they are detected too late for an organisation to avoid exposure and the associated risk.
Perspective
5 minute read

Health and safety update

Health and safety update: regulation, news, thought leadership
Perspective
5 minute read

Identifying email scams that target businesses

We have seen a sharp rise over the last six months in what are highly sophisticated email scams targeting both business and public sector organisations.
Perspective
5 minute read

Let's connect

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of  member firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see About the Deloitte organisation to learn more.

Deloitte Asia Pacific Limited is a company limited by guarantee and a member firm of DTTL. Members of Deloitte Asia Pacific Limited and their related entities, each of which is a separate and independent legal entity, provide services from more than 100 cities across the region, including Auckland, Bangkok, Beijing, Bengaluru, Hanoi, Hong Kong, Jakarta, Kuala Lumpur, Manila, Melbourne, Mumbai, New Delhi, Osaka, Seoul, Shanghai, Singapore, Sydney, Taipei and Tokyo.

© 2024. For information, contact Deloitte Limited (as trustee for the Deloitte Trading Trust).