Paris— As the adoption of new technologies like generative AI creates new cyber vulnerabilities within organizations, the cybersecurity talent shortage is accelerating. Based on a survey of 6,000 people in 48 countries, including France, the latest BCG report “Cybersecurity Has a Talent Shortage. Here’s How to Close the Gap,” published in collaboration with the Global Cybersecurity Forum (GCF), reveals an overall talent gap of 2.8 million worldwide, with only four experts available for every five open positions. Faced with such a shortage, how can companies strengthen their cybersecurity resilience?
An increase in cyber attacks in number and power
- The cost of cyber attacks is now estimated at $2.2 trillion worldwide , a figure that has increased fivefold since 2015.
- The adoption of AI has increased the vulnerability of organizations: 70% of organizations already integrate AI into their security operations to detect anomalies and predict attacks, but nearly six in ten cybersecurity leaders express concern about new cyber attacks, particularly those linked to AI (deep fakes to impersonate an executive and give a transfer order, writing highly personalized and realistic messages to obtain sensitive information, etc.)
- Faced with these threats, 76% of companies expect an 11% increase in their cyber budget in 2024 compared to 2023. AI can also provide the solution to the problem it creates: 18% of CISOs already use cybersecurity solutions powered by GenAI .
A worrying shortage of talent
- There are 7.1 million people working in cybersecurity worldwide today. Yet, 2.8 million positions remain unfilled, representing a vacancy rate of 28% .
- Among other factors mentioned, cybersecurity managers point to the lack of expertise of candidates (64%) , the attractiveness of their competitors’ offers (47%) but also the lack of diversity in the profession – women hold 36% of jobs in the technology sector, but represent only 24% of the cybersecurity workforce.
- 59% of cybersecurity leaders see this talent shortage as one of the biggest obstacles to their organization’s security.
A geographical and sectoral disparity
- The talent shortage is particularly acute in Asia-Pacific, where 56% of needs remain unmet, compared to 32% in Europe.
- The financial services, manufacturing, consumer goods and technology sectors account for 64% of the shortage. This is explained by an increased need in these sectors, which account for 70% of global cyberattacks, with an average cost higher than the average.
What levers of resilience in the face of shortages?
The report makes several recommendations to address the talent shortage, in particular the ongoing training of talent (considered a priority by 60% of organizations), the promotion of greater diversity to attract new talent – there are currently few visible or accessible women, while highlighting female role models could encourage women’s careers in this field –, or initiatives to raise awareness among young people about the cyber domain.
