Severe cybersecurity talent gap creates vulnerabilities
As digital transformation sweeps through the Canadian economy, cyber threats are becoming more plentiful and sophisticated. The need for robust cybersecurity measures has never been more critical, which is fuelling increased demand for professionals with cybersecurity expertise. This surging demand is running up against a tough reality – an acute shortage of trained cybersecurity professionals.
“The talent gap in cyber is severe, both in Canada and around the world,” says Angela Mondou, president and CEO of TECHNATION, the national association representing Canada’s information, communications and technology (ICT) industry.
“Every day in Canada, we have an average of 4,000 vacancies in cybersecurity jobs. Around 20 per cent of cyber jobs in this country cannot be filled, a rate that’s increasing year by year,” Ms. Mondou says. “Taking action to address this talent gap is critical because cyber breaches impose a major economic cost on our nation.”
The average cost of a cyber attack on a Canadian organization is $6.3-million. For smaller companies, the economic loss from a breach can put their very survival at risk.
“It’s also disconcerting to consider that it takes an average company over 280 days to even determine that they’ve been hacked. That’s a dangerously long time for a company to have an unidentified security risk to its data and infrastructure,” adds Ms. Mondou.
“The other important factor is the growing sophistication of the threat actors. Adversaries are evolving new weapons to match the tools and technologies we’re working with,” she says. “For example, we now have the threat of multistage ransomware. It’s truly a race between the attackers and the defenders.”
And in this race, Canadian stakeholders need to speed up, says Ms. Mondou. “Moving more rapidly to get talent trained, not just at an entry level but at a more senior level, is critical. The time it takes to train individuals to meet the demand for skilled talent is not moving as fast as the acceleration of the harmful acts and threats that are out there.”
Taking concerted action to bolster the cyber talent pool
Earning a post-secondary degree or diploma in the cybersecurity field can take several years. It also takes considerable time for employers to find and hire a cybersecurity professional with the requisite skills – on average, six to eight months. Frequently, when employers do find a qualified individual, they have to pay premium salaries far above average salaries in the past. Meanwhile, turnover in cybersecurity jobs is trending upward – widening the talent gap even further.
With the pressure to find timely solutions, the industry is exploring development of more online certifications and online courses of shorter duration to accelerate talent into entry-level jobs. It is also looking at opportunities with post-secondary institutions to provide more compressed training in cyber areas where the needs are the greatest.
TECHNATION is working with partners in multiple ways to develop what it terms a “sustainable cybersecurity ecosystem.” It has developed its innovative CareerFinder platform (built on AI software with AI Quantum labour analytics partner SkyHive), through which employers and prospective employees in cyber and other technology sectors can find positions that fit their skills, as well as learn how they can boost their credentials to qualify for available jobs.
TECHNATION is also building for the longer term. “We are striving to drive awareness around cybersecurity roles – how important they are, as well as how exciting and rewarding these careers can be,” says Ms. Mondou. “We are working with our future workforce development team to profile the opportunities, particularly to the universities and other post-secondary institutions we work with. Our message is that these are high-paying jobs that put you on the front lines of safeguarding and ensuring success for a Canadian business or government.”
THE NEED FOR AN ‘ALL HANDS ON DECK’ NATIONAL INITIATIVE
The federal government has announced additional investments in cybersecurity initiatives in recent budgets, and TECHNATION welcomes these steps. However, the association seeks a more formal commitment and action plan that brings together all the key Canadian players – industry, government and academia.
“Our call to action to the federal government is to support creation of a public-private-sector co-led national cybersecurity task force,” Ms. Mondou says.
“This can’t be solved by government on its own or industry on its own. The challenge is too serious to have steps taken in isolation, and it has to be all hands on deck. It’s a problem for our entire economy, and the solutions need to be developed by all of us.”
To view this report on The Globe's website, visit globeandmail.com
To view the full report as it appeared in The Globe's print edition: Cybersecurity Awareness Month