The new study ‘Cybersecurity Talent, The Big Gap in Cyber Protection’ from the Capgemini Digital Transformation Institute has found that one of the biggest problems for effective cyber-risk management and protection is simply the lack of cybersecurity talent.


There is a worldwide pressing demand for cybersecurity professionals. From the organisations that are actively looking for digital talent, 68% is in need of cybersecurity specialists. That cybersecurity talent is a rare breed is demonstrated by the 25-percentage point gap between the demand for, and supply of cybersecurity skills (the talent gap). The demand for cybersecurity is not likely to diminish in the next few years.


This shortage of cyber talent has been identified before (e.g. in law enforcement and militarythe deficit of experts and rising demand) and was the motivation for setting up and executing the 'Human Capital Actionagenda Cyber Security' by the HSD office with several of her partners. Recently, Esther van Luit, a graduate from the Executive Master’s Programme Cyber Security from the Cyber Security Academy and senior security advisor at Deloitte has identified a similar cybersecurity skills gap. In her Study on the Potential of AI to Take on Cybersecurity Tasks, she has identified that by 2022 there will be a global shortage of approximately 1.8 million cybersecurity professionals.


How to bridge the talent gap

In the Capgemini report, eight recommendations for how organizations can bridge the cybersecurity talent gap are presented.


Priority One: Step up the acquisition of cybersecurity talent

  • Think outside the box to find cybersecurity talent
  • Hunt in areas where cybersecurity talent spend their time
  • Create a compelling story around the current leadership and team
  • Turn your gaze inwards, as your next cybersecurity talent might already be working in your company


Priority Two: Improve the retention of cybersecurity talent

  • Incentivize employees to upgrade their cybersecurity quotient
  • Promote gender inclusion by changing the perception of the cybersecurity field
  • Ensure Gen Y and Gen Z cybersecurity talent can visualize their career path
  • Automate the mundane tasks to free up cybersecurity talent’s time to focus on value-adding activities


Connection to the Human Capital Agenda for Cyber Security

These recommendations will have a more sustainable effect on the whole sector if triple-helix partners work together to bridge the talent gap. Examples are: attracting and educating worldwide young talent with for example the International Cyber Security Summerschool; providing and facilitating interesting careerpathswithin cybersecurity by partners; educating the young and train in awareness to “create a community of cross-functional professionals working or interested in cybersecurity within the organization”; higher retention in the sector through communities; providing new and innovative ways to attract talent like organising a hackathon for cybersecurity in SME's; inviting students to professional eventsproviding visible role models for diverse talents; organising hacking courses for high school students; diversifying talent in cyber and making it accesible for people of different backgrounds or with unique abilities