Keeping data secure is critical to organizational health.
Businesses are showing a heightened awareness of cybersecurity as they increasingly depend on digital technology. But the requisite workforce—the first line of defense in safeguarding hardware, software and data—is proving hard to come by.
The talent gap is affecting everything from the way businesses approach hiring, training and compensation to who they partner with.
“We’re finding more employers are looking for cybersecurity talent,” says Todd Warner, executive in residence for Workforce Innovation at Columbus State Community College, which is rolling out new programs to prepare students for the roles. “The shortfall is enormous.”
Desperate for Talent
Attempts to gain unauthorized access to data and disruptions or denials of service—called cyber incidents—have become routine. Recent high-profile incidents at Marriott and Equifax, for example, exposed the personal information of hundreds of millions of consumers. Federal agencies reported more than 35,000 cyber incidents last year, according to the Office of Management and Budget.
As commonplace as these events are becoming, they aren’t trivial to the organizations they’re affecting. When counting lost revenue and negative brand exposure, the average cost for a data breach is $7.91 million in the U.S., according to a study by IBM.
It’s this frequency and cost of cyber incidents that’s contributing to the demand for cybersecurity professionals, who protect sensitive information such as bank accounts, military communications and consumer data. There are more than 310,000 cybersecurity job openings across the country, including about 7,240 in Ohio, according to CyberSeek.
The shortage is not only putting organizations at risk of cyber incidents but also driving up the cost of labor. Data-security analysts earn a median starting salary of $121,000, according to staffing and risk-consulting firm Robert Half International. The high price of talent has a number of implications and in fact perpetuates the shortage.
“First, businesses will likely understaff these positions leaving their businesses and customers at risk. This is particularly prevalent in businesses with small margins, low regulatory requirements and for small to medium enterprises,” says Jeff Schmidt, vice president and chief cybersecurity innovator for the Columbus Collaboratory. “The second is that cybersecurity practitioners will be overpaid for leaving roles quickly to go to the next opportunity for a salary bump. Clearly employee churn impacts a business negatively, but practitioners may lose the opportunity to grow and deepen skills as they move from job to job. This leaves a worldwide maturity and skills gap for leadership positions.”
Addressing the Issue
In central Ohio, businesses are joining forces with academia, nonprofits and government to confront the labor challenges.
The Columbus Collaboratory, formed in 2014 with a $33 million backing, last summer received another $14 million in financial support from its seven founding companies—American Electric Power, Battelle, Cardinal Health, L Brands, Huntington National Bank, Nationwide and OhioHealth—to share research and find ways to be more competitive by improving efficiency, security and customer focus.
Among other initiatives, the organization runs a rotational program for recent college graduates to provide five years’ worth of cybersecurity experience in two years.
In 2017, the Ohio National Guard brought together more than 30 public, private, military and educational organizations to form the Ohio Cyber Collaboration Committee, aimed at developing a stronger cybersecurity infrastructure and workforce across the state.
And last fall, Business Roundtable, a national association of CEOs, launched the Workforce Partnership Initiative for the Ohio region, an effort aimed at solving the challenge of recruiting and reskilling the local workforce to boost digital skills and fill in-demand jobs. Leaders from American Electric Power, Accenture, Aon, JPMorgan Chase, Business Roundtable, the Ohio Business Roundtable and Columbus State Community College teamed up on the regional initiative.
Columbus State has been particularly active in addressing the cybersecurity labor pool. The college has partnered with Nationwide Insurance to develop a cybersecurity certificate program, allowing its workers to more easily pivot to in-demand cyber jobs within the company.
Warner says Columbus State is continually in discussions with employers to understand their needs, ensuring its offerings are aligned to the needs of the community.
In August, the college will add cybersecurity to its learn-and-earn model, in which students take one year of technical courses before being placed in a sort of internship for on-the-job training (while continuing with some classes). Its journey toward solving or addressing the cybersecurity skills gap in the region started years ago, Warner says, but this is just one more step in that direction.
“The idea is that the students are productive and actually adding value to the employer,” he says. “I would say we’re very blessed in central Ohio to have many higher education institutions as well as having so many K-12 districts at the table, all with a shared common goal and motivation, which is closing the skills gap but also helping to create career pathways for students coming out of high school, community college or four-year colleges.”
Including Columbus State, 45 higher education institutions in the state have cybersecurity programs. The University of Cincinnati has one of just 20 National Security Agency-certified programs in the country.
While academic efforts and strategic partnerships are important, many employers know it’s also important to look within to solve the challenges.
American Electric Power says it is not experiencing the talent shortage to the extent many others are, namely because it recruits internally and trains top performers in cybersecurity.
“We do expect continued need for cybersecurity expertise across the electric sector and other industries,” spokeswoman Tammy Ridout says. “The Workforce Partnership Initiative is one way we are planning for our future workforce needs. The initiative will help ensure workers are trained for high-need jobs like data analytics and cybersecurity.”
Another solution for employers will be getting more women into the field. The nonprofit Center for Cyber Safety and Education estimates women make up only 11 percent of the global information security workforce.
To be sure, none of the efforts will be an immediate fix-all.
“I will say that I don’t think there are enough students going through programs collectively in our 11-county region to solve the need,” Warner says. “When we look at 3,000 open jobs, there’s just not enough in the talent pipeline. So I think employers that are getting creative in reskilling and upskilling their existing employees is an avenue to close that gap.”