The cybersecurity talent gap is a known quantity. Companies across the globe are feeling the strain as demand for security support, innovation and skills soar despite a shortage of incoming IT professionals.

As noted by a recent Capgemini study, there’s a 25 percent gap between demands for cyber talent and existing supply. In addition, a Cybersecurity Ventures report predicted a shortfall of 3.5 million cybersecurity professionals by 2021.

So what’s the secret for companies struggling to achieve security goals even as malicious actors get more aggressive? How can they bridge the gap and get back on track?

The Cybersecurity Talent Gap Is Growing

According to the Capgemini study, 68 percent of organizations reported a high demand for cybersecurity skills. Analytics and innovation also made the list at 64 and 61 percent, respectively, but have smaller gaps compared to the whopping 25 percent cybersecurity gap.

Specificity is also a concern. A recent PricewaterhouseCoopers (PwC) white paper noted that, while finding a cybersecurity generalist is often possible, it’s much more challenging to find experts capable of managing enterprise-specific or legacy technologies.

According to CSO Online, this isn’t all bad news, since the increasing recognition by enterprises (and specifically C-suites) that cybersecurity is a must-have rather than an afterthought marks a watershed moment for the industry. Jennifer Steffens, CEO of IOActive, put it simply: “Organizations are waking up to the critical importance of security.” The next step, she said, is recognizing that “the workforce shortage will grow unless organizations also wake up how they approach finding and retaining talent,” she told CSO Online.

Using Existing Talent

Now that companies recognize the importance of cybersecurity talent, how can they close the skills gap? The PwC paper noted that some tasks can be handled by outsourced security services, reducing the number of in-house professionals required. In fact, 62 percent of respondents to the firm’s “Global State of Information Security Survey 2018” said they’re now using managed services for access management and threat intelligence.

The caveat is that it’s not possible to move everything off-site, meaning enterprises need a new source of skills. One option is to increase the value of cybersecurity positions within the organization. This means giving chief information security officers (CISOs) a spot at the table and giving skilled professionals the autonomy they need to get their jobs done. This includes solid budgets for continual training and responsibilities that go beyond simple break-fix scenarios.

Closing the Gap With New Collar Workers

As noted by Help Net Security, it’s also possible to level up existing enterprise talent outside of the IT pipeline. This includes customer service, business development, sales, law and finance professionals. Here, situational abilities and a willingness to learn matter more than an idealized skill set.

These employees could even be easier to train than traditional IT professionals, since they don’t come with preconceived notions of how IT has always been done. Companies need to put out the word that they’re interested in training new security professionals, see who steps up and then support burgeoning careers.

Traditional hiring has a place here too. Partnerships with technical colleges and universities are worthwhile, but the numbers don’t lie: Finding enough talent requires thinking outside the box.

Organizations now recognize the value of cybersecurity talent, and they’re setting security goals to match. The problem is that the talent shortfall means missed targets and increasing distance between expectations and reality. The solution is to get innovative by leveraging outsourced skills, increasing the value of cybersecurity positions and tapping new talent pools to help close the distance.

More from

Data Privacy: How the Growing Field of Regulations Impacts Businesses

The proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become — and stay — compliant must find a solution that can do more than just respond to current challenges. Take a look at upcoming trends when it comes to data privacy regulations and how to follow them. Today's AI Solutions On April…

Why Zero Trust Works When Everything Else Doesn’t

The zero trust security model is proving to be one of the most effective cybersecurity approaches ever conceived. Zero trust — also called zero trust architecture (ZTA), zero trust network architecture (ZTNA) and perimeter-less security — takes a "default deny" security posture. All people and devices must prove explicit permission to use each network resource each time they use that resource. Using microsegmentation and least privileged access principles, zero trust not only prevents breaches but also stymies lateral movement should a breach…

5 Golden Rules of Threat Hunting

When a breach is uncovered, the operational cadence includes threat detection, quarantine and termination. While all stages can occur within the first hour of discovery, in some cases, that's already too late.Security operations center (SOC) teams monitor and hunt new threats continuously. To ward off the most advanced threats, security teams proactively hunt for ones that evade the dashboards of their security solutions.However, advanced threat actors have learned to blend in with their target's environment, remaining unnoticed for prolonged periods. Based…

Third-Party App Stores Could Be a Red Flag for iOS Security

Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “gatekeepers” to restrict content on devices. While this is good news for app creators and end-users, there is a potential red flag: security. Here’s what the compliance-driven change means for…