Blog Posts Business Management

Is your greatest cyber vulnerability a lack of cybersecurity talent?

Blog: Capgemini CTO Blog

Eight principles to bridge the talent gap

Click to Download

Organizations will pay a high price to understand their cyber vulnerabilities. In early 2018, Google paid $105,000 to a researcher who unearthed a security flaw in its Pixel smartphones. This is the highest-ever reward made as part of its Android Security Rewards program. Statistics for 2017 from Bugcrowd show that organizations paid, on average, $1,776 to researchers who identified critical vulnerabilities in their systems.

These reward programs underscore the importance of strong and secure systems in a world where the global average cost of a data breach in 2017 is estimated at $3 million+. There are many ways an organization can try to avoid these costs by putting in place security infrastructure, governance, and policies. However, there is one element that underpins all these approaches—cybersecurity talent.

Results from our research with 1,200+ senior executives and employees show that:

Figure 1: There is a 25-percentage point gap between demand and supply for cybersecurity.

The importance of learning and career development

To find and retain talent, organizations need to understand what motivates the people they are pursuing, with learning and career development key factors that cybersecurity talent prize:

Eight principles for attracting and retaining talent

From our research—as well as interviews we conducted with cybersecurity academics, recruitment consultants, and cybersecurity associations like ISACA—we have identified eight recommendations across the two key areas of acquisition and retention.


1. Think outside the box to find cybersecurity talent

Organizations like Auticon in the UK are employing autistic people as they are analytical and detail-oriented, skills that help in the security field.

2. Hunt in areas where cybersecurity talent spend their time

To engage the millennial audience during recruitment, organizations need to look at career apps, such as Debut, that bring students and large organizations together. Gamification also can create interest and Unilever has seen impressive results from its neuroscience-based hiring.

3. Create a compelling story around the current leadership and team

Our research shows that employees want digitally talented peers. Anchor-hiring (hiring senior executives who can attract more talent) can bring fresh talent into the organization.

4. Turn your gaze inwards, as your next cybersecurity talent might already be working in your company

Organizations should leverage the internal employee base—creating an inventory of existing skillsets and promoting cybersecurity communities.


5. Incentivize employees to upgrade their cybersecurity quotient

Organizations need to focus on reskilling and upskilling their employees. AT&T is leading the way with a massive initiative of retraining 100,000 of its workforce with various skills.

6. Promote gender inclusion by changing the perception of the cybersecurity field

Women are under-represented in cybersecurity and this lack of women goes back to STEM program enrollment and even further. Organizations should take up inclusion initiatives targeting female students in college and high school.

7. Ensure Gen Y and Gen Z cybersecurity talent can visualize their career path

A continuous feedback system for employees ensures that people have clarity over their career progression.

8. Automate mundane tasks to free up time to focus on value-adding activities

Automating the routine aspects of security jobs will help free up the employees’ time, allowing them to focus on more critical areas.

These eight principles can help organizations bridge the cybersecurity talent gap. To find out more, access our full research report “Cybersecurity talent—the big gap in cyber protection.”

Notice: JavaScript is required for this content.

Leave a Comment

Get the BPI Web Feed

Using the HTML code below, you can display this Business Process Incubator page content with the current filter and sorting inside your web site for FREE.

Copy/Paste this code in your website html code:

<iframe src="" frameborder="0" scrolling="auto" width="100%" height="700">

Customizing your BPI Web Feed

You can click on the Get the BPI Web Feed link on any of our page to create the best possible feed for your site. Here are a few tips to customize your BPI Web Feed.

Customizing the Content Filter
On any page, you can add filter criteria using the MORE FILTERS interface:

Customizing the Content Filter

Customizing the Content Sorting
Clicking on the sorting options will also change the way your BPI Web Feed will be ordered on your site:

Get the BPI Web Feed

Some integration examples