Heightened Demand for Cybersecurity Leaders Keeps Executive Recruiters Busy
February 13, 2023 – Increasingly, organizations of all sizes are awakening to the perils posed by cyberattacks. For years, many groups tried to ignore the problem, dismissing cybersecurity as a concern only for the biggest, most high-profile entities, be they government or corporate. These days, more groups are coming to understand how ruinous such intrusions could be, and cyberattacks show no signs of abating.
A report last year from Accenture, in fact, said the threat is only growing, with an average of 270 attacks per company, up 31 percent from 2020. A report from McKinsey & Company, meanwhile, projects that damage from cyberattacks will amount to about $10.5 trillion annually by 2025, a 300 percent increase from 2015 levels. Globally, organizations spent close to $150 billion for cyber protection last year, a number that’s growing by 12.4 percent each year. The global cybersecurity total addressable market could eventually grow to as much as $2 trillion, said the management consulting firm.
Attacks from state-supported operators, cybercriminals, business competitors, and even lone individuals have the potential to wreak havoc on businesses. Beyond the financial woes, there is the possibility of damage to reputation and trust, shutdowns, harm to the potential sale of a business, lawsuits, even legal penalties that can leave a company reeling. And when the U.S. government is the one under siege, the concern only escalates. All of this has led to a dramatic rise in the demand for cybersecurity executives, and search firms in this sector are continuing to grow.
Globally, there is a severe talent shortage in the cybersecurity job market. The World Economic Forum (WEF) recently reported a shortage of 3 million cybersecurity professionals around the globe. The lack of cybersecurity experts has left many businesses in a tight spot, according to a new report from TriSearch’s Travis Thomas. The National Center for Education Statistics (NCES) says that companies now see cybersecurity as a mission-critical task, so the demand for cybersecurity professionals is growing faster.
“The lack of cybersecurity professionals has led to various issues, such as an increase in malicious breaches and the theft of personal and financial information,” said Mr. Thomas. “The nation’s digital and cyberinfrastructure, including its economic, utility, and transportation networks, is under threat, and the situation appears to worsen by the day. Cloud security, application security, and security assessment/investigations are the top three technological domains most impacted by a cybersecurity skills shortage. When there aren’t enough people with these skills, employers must pay more for them.”
As technology becomes more digitally connected, the need for cybersecurity specialists will increase in the coming years, according to Mr. Thomas. “Security threats will grow in parallel with the Internet of Things and cloud computing,” he said. “As a result, the demand for expertise to tackle these issues will also surge. Managing cybersecurity is important, and employers need to look for people with experience and a good track record.”
Rapidly Growing Market
The need for cybersecurity professionals has been growing rapidly, even faster than companies can hire – and that demand is expected to continue. “With massive industry growth comes the need for more trained cybersecurity professionals,” said Jamie Javorsky, regional president – technology search and staffing at StevenDouglas. “Organizations are challenged in hiring cybersecurity experts who are equipped with the skills to defend the complex attack surface, like the cloud, and can operate the new technologies that are being implemented daily.”
“Companies continue to hunt for cyber talent, but many of these jobs require credentials, certifications, or a master’s degree in the field,” Mr. Javorsky said. “There are simply not enough people in cybersecurity with the skills to handle the new threat landscape and lack of certified professionals that companies are seeking. Bottom line, the demand remains high, and qualified talent pool low. And while cybersecurity professionals can potentially earn high salaries, the pay scale is all over the map and many companies haven’t positioned themselves correctly for recruiting and retaining the right talent.”
Cybersecurity is a crucial part of all businesses, particularly given the advancements of today’s payment platforms and ever-increasing cloud-based data storage, leaving them exposed to threats and cyber-attacks, according to Mr. Javorsky. “Additionally, new technology innovation is in rapid deployment including the evolvement of mobile/artificial intelligence/machine learning tools/Web 3.0/Meta, thus resulting in companies’ enablement to keep up in this new era to protect the organization’s exposure to data/financial attacks and breaches,” he said.
The Challenge of Recruiting Cybersecurity Talent
In recent years, cybersecurity recruiting has probably changed more than any other area of technology recruiting. It plays a key role in the success of every company and industry. Moreover, cybersecurity is critical to protecting the information of hundreds of millions of people all over the globe. “Recruiting cybersecurity executives can be extremely challenging,” said Frank Scarpelli, managing partner and chief executive officer of technology-focused search firm HireWerx, in a recent interview with Hunt Scanlon Media.
Mr. Javorsky also notes that as the technology security ecosystem evolves and becomes ever more advanced and intelligent, the demand for these top executives at this strategic level has never been higher. “Companies are unable to ensure that their internal systems will remain protected, meanwhile, turnover for these executives is unusually high due to the level of stress involved resulting in high burnout and short retention,” he said. In fact, a recent article in Cybercrime Magazine said that 24 percent of Fortune 500 chief information security officers (CISO) are on the job for just one year.
Maturity of the Cybersecurity Market
Mr. Javorsky also says that the ever-increasing maturity of the cybersecurity market has naturally increased demand for people who can combat cybersecurity threats at a strategic and board level. “As this domain continues to grow, more and more organizations are now attracting virtual CISOs to meet the talent shortage and challenges presented,” he said. “As cybersecurity becomes more mainstream, I believe we are going to see many people with the right skills being elevated into these positions within most enterprise organizations.”
“Twenty years ago, cybersecurity was not in the broader ecosystem as we see it today,” said Mr. Javorsky. “The advancements started to emerge at the start of the social platforms era and has rapidly scaled in the last decade. This then resulted in more and more data through cross platforms, leading to the rise of ransomware attacks and beginning of multi-factor authentication. Given the current data driven environment we have emerged, and the use of mobile devices allowing access anytime and anywhere, and new generation of users combined with technological advancements within the AI, ML, and data domains; this will only intensify as we evolve and enter the next gen of Web 3.0 and metaverse, which will present further unique challenges for organizations within the security landscape.”
Cybersecurity remains a domain that is top of mind in the board room, by consumers and business leaders alike, according to Joyce Brocaglia, managing director and global practice leader, cybersecurity of Alta Associates (recently acquired by Diversified Search Group) and founder of the Executive Women’s Forum, a professional membership organization for women in cybersecurity, risk management, and privacy. “There is a groundswell of demand in the market for qualified and diverse cybersecurity talent, and we don’t anticipate that evaporating as the economy softens,” she said. “This year Alta Associates | Diversified Search Group has seen an increase in executive and C-suite cybersecurity and IT risk searches with companies seeking unique skill sets that include technical competencies, leadership capabilities and business acumen. Corporate boards are becoming more aware of the importance of their role to ensure the appropriate management of cyber risk. With cyber threats increasing and regulators considering new requirements for disclosure of their cybersecurity governance capabilities, companies will continue to bolster their investment in cybersecurity and those cyber executives who are leading the charge.”
“Cybersecurity is extremely important because it is ubiquitous,” said Ms. Brocaglia. “With most companies experiencing digital transformation, remote and hybrid workforces and increased threats, cybersecurity is fundamental to protecting a company’s assets, stock price and market reputation. Forward thinking companies are utilizing cybersecurity as a competitive advantage and market differentiator. Having the right cybersecurity and IT risk leaders in place enables businesses to grow faster, partner effectively and innovate and deliver products securely.”
Every CISO or cyber leadership role the firm fills requires a combination of technical skills, business acumen, and leadership capabilities; and each role’s exact requirements are unique to that particular organization, according to Ms. Brocaglia. “The CISO role is not a one size fits all, it varies by reporting structure, staff size, scope, and maturity of the program,” she said. “As such, it takes a three-pronged approach to ensure that you are finding the best possible candidate and not just the best available candidate on the market. That’s why Alta Associates | Diversified Search Group does our research and identifies new talent; we utilize our known relationships for outreach to potential candidates and we connect with great leaders for referrals of people they highly recommend.”
“Because we understand the different archetypes of CISOs we can identify which background fits best with the requirements of that particular role and then only present candidates that are highly matched to the competencies they are seeking,” Ms. Brocaglia said. “The reason why companies have a hard time hiring CISOs by using their internal recruiting departments, is that their recruiters are often not sophisticated enough in their understanding of cybersecurity and lack the relationships and networks to identify, attract, and hire exceptional passive candidates in this highly competitive market.”
One of the most recurring challenges companies hiring cyber executives are facing is the increased salary expectations of qualified candidates. Ms. Brocaglia says the quandary is that hiring managers must either recalibrate their compensation ranges or reduce their expectations of what skills are possible to attract. In addition to compensation, candidates are also giving weighty consideration to companies that provide flexible or remote work environments.
With a staggering $334 billion global cybersecurity revenue expected by 2026 – vs. $220 billion in 2021 – the emergence of cybersecurity as a top priority of company boards is not a surprise. Recruiting in cybersecurity is expected to continue to boom, driven in part by significant growth in the consumer market, according to Raffaele Jacovelli, managing director at Hightech Partners (HTP).
“The rapid emergence of interconnected industrial or consumer devices and associated security risks with scarce security upgrades could favor the sector’s growth as it poses relevant vulnerability risks and issues,” said Mr. Jacovelli. “In addition to the rising frequency of attacks, the emergence of zero days, ransomware is also gaining prominence, and has been used in several high-profile attacks. It is the most concerning type of cyberattack for business leaders.”
As already indicated, the demand for CISOs is very strong – and will remain as such in the near future. Mr. Jacovelli points to two different reasons: “On one side, the increase in digital transformation initiatives, penetration of internet connectivity, and susceptibility stemming from IoT connectivity is likely to increase the need to adopt cybersecurity solutions. At the same time, the general structural shortage of skills in the digital domain has increased the gap between demand and offer: The pace at which people are educated is not fast enough in comparison with the acceleration driven by the digital transformation.”
“The executive search industry should act certainly on the side of the individuals creating a pool of CISOs to be provided on demand – we are looking at this option currently – or partner with companies that can provide CISO-as-a-service leveraging multiple wide competences,” Mr. Jacovelli said. “In this case the role is not covered by a single individual but by several professionals that obviously have operated in an orchestrated but flexible manner. We have already invested in this area acquiring a relevant stake in a company, Ataya & Partner, that is recognized as a leader and a subject matter expert in the domain in continental Europe.”
Cybersecurity has become a relevant area of attention since the rise of the internet era, over 25 years ago, says Mr. Jacovelli. “At the time the Trojan horses were introduced mainly by email, hence the growth of the ‘antivirus’ business,” he said. “With the explosion of broadband, IoT, and 4G about 10 years ago the need to create a cybersecurity practice or unit has emerged strongly. We have started running systematically CISO searches in 2015 and since there has been a constant flow, further accelerated in 2017 by the decision to embrace digital transformation by several leading companies.”
Contributed by Scott A. Scanlon, Editor-in-Chief; Dale M. Zupsansky, Managing Editor; and Stephen Sawicki, Managing Editor – Hunt Scanlon Media