Despite a steady increase in cyber security breaches and cyber attacks, a majority of cyber security teams in India are understaffed. Indian organisations are grappling with the shortage of skilled cyber security professionals. Though there is a dearth of cyber security professionals across the globe, the shortage of skilled cyber security professionals in India is 9 per cent higher than the global average. As per an estimate by the Data Security Council of India, the country will need about one million cyber security professionals. According to findings from the State of Cybersecurity 2021 Part 1 survey report from ISACA in partnership with HCL Technologies, 49 per cent of the organisations surveyed say that they have unfilled positions in their cyber security divisions.
As per the report, the current pandemic has put the spotlight on an organisation's data protection and privacy. Nearly half of the respondents in the survey said that they had increased their spending on cyber security technology initiatives during the pandemic. Another issue that organisations are facing is that a majority of cyber security applicants are not well qualified and a few number of their HR teams understand their cybersecurity hiring needs.
The study found that cyber security professionals were not highly paid and had poor financial incentives and this was the primary reason for large scale attrition among these professionals. Limited growth and promotion opportunities for cyber security professionals in the country was the main deterrent for many professionals to take up cyber security as a career. Due to this, there were unfilled positions in their organisation, and it took anywhere between three to six months to fill an open position in the field.
The study also found that organisations in India were trying to address their problems by training non-security staff who were interested in moving to security roles, increasing use of reskilling programmes, usage of performance-based training to attest to actual skill mastery, increasing usage of contract employees or outside consultants and increasing their reliance on Artificial Intelligence and automation to meet their requirements.
“The Covid-19 pandemic and the resultant remote working has further emphasised the need for a robust cybersecurity approach. Upskilling, reskilling professionals to be able to quickly understand and address threats of data breaches and privacy is the need of the hour. For training and development of professionals to address the skill gaps in cybersecurity, the government, academia and industry will have to collaborate with each other. It is not only important to better prepare fresh graduates, but also to bring a wider pool from all streams and equip them with the skills needed to succeed in a cybersecurity career,” said R.V. Raghu, Member of ISACA’s Emerging Trends Working Group and Director at Versatilist Consulting India Pvt Ltd.
Experts point out that getting a skilled professional on cyber security has become a challenge because for each role the individual needs to have the right combination of multiple security skills along with technology, business and interpersonal skills as cyber security jobs have been morphed into hybrid roles as more and more businesses start to adopt digitization and digitalization as part of their business scale.
Currently, increasing cyber attacks on large economies, including India, have highlighted the need to focus on cyber security skills. It has been found that, unfortunately, neither the corporate nor the customer were willing to pick the tab on continuing costs associated with cyber security making skill development a low priority leading to severe shortage of skills in India.