RIYADH: The global cybersecurity workforce is grappling with a substantial shortfall, with an estimated 2.8 million professionals required to meet demand, according to Shoaib Yousuf, managing director of the Boston Consulting Group.
In an interview with Arab News during the Global Cybersecurity Forum in Riyadh, Yousuf stated that the current workforce stands at 7.1 million.
Yousuf delved into the reasons behind this gap, pinpointing a fundamental deficiency in “skilled” workers.
He emphasized: “This gives us a clear direction that a lot of work needs to be done to take the young cybersecurity professionals or young graduates and train them and provide them the right set of skills, training, certifications, mentorship, and internship to convert them and provide the career opportunities for them.”
During the forum, BCG, in collaboration with the Global Cybersecurity Forum, released the 2024 Global Cybersecurity Workforce Report, which paints a troubling picture of the industry. The report indicates that only 72 percent of digital defense roles are filled, leaving organizations increasingly vulnerable to rising threats.
To tackle these workforce challenges, Yousuf stressed the need for a comprehensive approach. “Building a sustainable cybersecurity talent pipeline requires a multi-faceted strategy,” he said. He advocated for an integrated system that includes awareness campaigns, educational programs, and initiatives that lay a strong foundation for those interested in cybersecurity careers.
A robust talent pipeline is essential, Yousuf noted, to create awareness, improve educational frameworks, and adequately prepare young professionals for success in the field. He mentioned that establishing strong strategies to attract students to cybersecurity, along with the private sector’s appealing mentorship and internship opportunities, could significantly enhance the workforce’s quality.
“One of the challenges we found is that everyone wants a skilled workforce. Everyone wants somebody with five to eight years of experience,” Yousuf pointed out, highlighting the gap faced by newcomers entering the cybersecurity arena.
He elaborated, “The third step is the career advancement and retention of the professionals. How we can do that is by providing a thriving career. Making sure we invest in the upskilling, we invest in the right set of cybersecurity certifications, and also look into the diversification. Today, we found that women participation in cybersecurity is 24 percent, whereas the average in ICT (information and communications technology) is 36 percent.”
Yousuf also noted a high demand for specific skill sets, stating, “Based on a survey, we identified that there are four skills that are highly in demand. One of them is definitely the cybersecurity leaders. There is a strong shortage of that. Cloud security, as you can see, there is a strong push for many organizations to shift to the cloud. Cloud security is one of the roles which was highlighted as one of the critical shortages.”
Additionally, he mentioned the growing need for security architects and experts in emerging technologies, particularly those specializing in artificial intelligence.
He emphasized the urgency of addressing cybersecurity threats, labeling it as one of the most significant global risks, second only to climate change. “Cybersecurity is one of the top risks, and multiple reports have highlighted that cybersecurity is a second top threat and risk after climate change,” Yousuf asserted.
Yousuf underscored that cybersecurity has remained “on the top agenda for many nations, for many decision-makers, many CXOs,” and has become a central topic of discussion at the board level, necessitating improvements in defenses.
Despite considerable investments in cybersecurity, he remarked, “We have always been catching up.” Yousuf highlighted the financial implications of cybercrime, noting that the cost of such offenses exceeded $2 trillion last year and is projected to surpass $6 trillion in the next five years. “If you look at the impact of cybercrime, it is moving so fast. But when you look at the cybersecurity investment, it’s not keeping up at the right pace,” he explained.
He reiterated the importance of creating a level playing field, suggesting that “AI provides a fantastic opportunity to understand the threat landscape better, and we can play a much better role, to be a little bit more proactive.”
Yousuf also pointed out that cybersecurity is a top priority for Gulf Cooperation Council countries, which have made significant advancements in recent years. “One of the things which we have observed is that cybersecurity is the top priority for the GCC countries, and over the last five to eight years, we have seen a leapfrog effort, not only incremental effort, leapfrog efforts,” he stated.
He highlighted Saudi Arabia’s swift progress, noting its rise from a ranking in the late 40s on the ITU Global Cybersecurity Index in 2019 to the second position within three years.
Yousuf concluded by stressing that GCC nations recognize the importance of fostering a secure cyberspace to build trust, particularly as digital adoption is pivotal to their economic growth. He underscored that investing in digital infrastructure and robust cybersecurity is critical to supporting their ongoing digital transformation efforts.