October 28, 2015 | By Douglas Bonderud

Companies know they can’t afford to underspend when it comes to cybersecurity. As noted by Dark Reading, security budgets are finally ramping up as businesses commit to giving CISOs a seat in the boardroom and IT professionals the tools they need to safeguard critical data.

The problem? According to SC Magazine, reporting on a recent National Cyber Security Alliance (NCSA)/Raytheon study, there is a widening skills gap between the number of workers needed and those available to fill emerging positions. What’s more, the gender gap in cybersecurity is also increasing as fewer women are introduced to or even consider IT careers.

Bad News and Low IQs

As the Dark Reading piece pointed out, increased media coverage of data breaches and other security events has prompted C-suites to re-examine both security spending and their perception of the discipline as a whole. Given that network compromise is now a question of when, not if, the model of IT security as merely a cost center no longer applies. Instead, effective cybersecurity initiatives are now viewed as drivers rather than limiters of ROI: Without defensible architecture and data policies, companies spend more time cleaning up security messes than moving forward in their market niche.

But more money doesn’t automatically equal better protection. Consider recent survey data reported by the Computer Business Review: In the U.K., just 26 percent of workers asked could identify a distributed denial-of-service (DDoS) attack, while 70 percent didn’t know which Wi-Fi standard offered the highest level of security. Even more worrisome? A mere 28 percent understood the IoT acronym.

Bottom line? The bulk of employees still aren’t security-savvy despite access to powerful smartphones, tablets and cloud services. The next logical step is hiring better security pros, but more cash can’t make them appear out of thin air. With fewer young adults interested in cyber careers, money may not be enough.

Survey Says Skills Gap Persists

So what’s keeping young men and women out of the cybersecurity field? Part of the problem is disinterest. As noted by ITProPortal, there’s often a disconnect between the perception of cybersecurity jobs and reality. On TV and in movies, security pros are seen perpetually hacking systems and squashing bugs, while in actuality, IT workers spend a great deal of time writing reports and double-checking data. When prospective candidates realize this isn’t what they signed up for, some lose the drive to learn more.

The Raytheon study also found that 74 percent of women and 57 percent of men said their schools did not offer the skills needed to pursue a cybersecurity career, while just 60 percent said computers were introduced to their classrooms by age 9. There’s also a widening gender gap — five times bigger than last year, in part because only 33 percent of women were made aware of potential careers in cybersecurity. In a field hurting for people with skills to fill open positions, the growing gender divide is worrisome.

Improving the number of skilled prospects is possible but won’t be easy. The first step is better integration of cyber studies into both primary and post-secondary schools to help give kids the foundational knowledge needed to both grasp tech concepts and fuel an interest later in life. Since mastering even a single facet of IT is a lifelong process, post-secondary institutions would be better served by focused curricula designed to prepare graduates for specific jobs.

As far as enterprises go, having money on hand may no longer be enough. One option is current staff retraining, and others include post-secondary degree sponsorship and recruiting drives that focus on recent grads both at home and overseas.

The skills gap in cybersecurity is growing, and with it a gender divide. Defending corporate networks demands inclusion and cohesiveness, which is only possible once both gaps are closed.
