How Canada Can Close the Cybersecurity Talent Gap
Globally, cyberattacks have increased 38 per cent since 2014, with the annual cost estimated at up to US$1-trillion. With that in mind, it is no surprise that cyber-risk ranks as the top economic peril among Canadian CEOs. The rapid pace of technological change requires companies to constantly improve their cybersecurity capabilities. As the number of cyberattacks increases, the resources dedicated to protecting organizations also rises.
Today, cybersecurity talent is in unprecedented demand and finding that talent is a key concern for Canadian executives. The Toronto Financial Services Alliance (TFSA) recently undertook a study, in partnership with Deloitte, which sought to understand the demand for cybersecurity talent in Canada and, more importantly, the resulting pipeline of talent our economy will require to meet rising cybersecurity challenges. The analysis indicates that the demand for such talent in Canada is increasing by 7 per cent annually, with organizations needing to fill some 8,000 cybersecurity roles by 2021.
This challenge is by no means unique to Canada. Globally, the latest estimates indicate that the world is on pace to reach a cybersecurity work-force gap of 1.8 million by 2022, a 20-per-cent increase over the forecast made in 2015. Countries around the world need to develop national cybertalent strategies to ensure they have the skill sets to manage cybersecurity within organizations and the economy more broadly. In Canada, a key concern for the executives surveyed is the increased frequency and complexity of cyberthreats, and increased security and privacy regulation. Further, executives are finding it increasingly difficult to find the talent they need to meet this challenge. More than half believe that demand for cybertalent is outpacing supply, and 76 per cent are finding it difficult to recruit individuals with the skill sets they require. The question for these organizations – are we developing a cybertalent pool in Canada that will meet this demand? If not, what steps need to be taken by organizations, academia and government to drive growth in cybertalent across the country?
Postsecondary institutions (PSIs) are recognizing the need to develop cybersecurity talent, but there is still much progress to be made. Colleges have increased the offering of cybersecurity-focused programs, yet they are encountering key obstacles. The speed at which cybersecurity risks are proliferating is outpacing educators’ ability to develop up-to-date curriculums. Additionally, the shortage of cybersecurity talent makes it difficult for PSIs to compete with the private sector for cybersecurity professionals, who are required in the classroom (as instructors) if cybersecurity programming is to grow. Canada’s universities have strong science, technology, engineering and math (STEM) programs, but integration of cybersecurity concepts within broader curriculums remains relatively weak. More fundamentally, the primary driver for universities is research and intellectual advancement, not market demand. While academic research in cybersecurity is extremely important, producing a pool of talent with “work-ready” cybersecurity skills is also critical. To meet that need, industry and academia will need to work more closely to close the cybertalent gap in Canada.
Business leaders across the country have identified this cybersecurity talent gap as a key focus when managing cybersecurity in their organizations. They also know current recruitment strategies are not sufficient to meet their requirements. The TFSA/Deloitte report recommends that organizations will need to commit to more innovative talent strategies to meet their objectives. Effective talent strategies will also need to have a longer-term focus, from educating young people on cybersecurity careers to creating educational opportunities for employees to improve their skill sets over time.
Canada’s financial sector is certainly thinking more pro-actively about the cybertalent gap and is forming partnerships with colleges and universities that invest in leading-edge cybereducation and research. As one of the largest spenders on cybersecurity, the industry is well aware that its ability to recruit the right talent is critical to the strength and success of the sector. As the number, sophistication and severity of cyberattacks continue to rise, the ability to close the cybertalent gap in Canada becomes increasingly critical to the economy. Canada will need a co-ordinated strategy that brings government, academia and the private sector together to develop this vital pool of talent.
Building a world-class pool of talent in Canada will not only avoid the potential costs of cyberattacks, it positions the country for economic success in the 21st century.