Retaining cyber talent in the Great Resignation

In this guest article, Mandeep Thandi, Director of Cyber & Digital at Gemserv, outlines how businesses can retain cyber talent in the era of the Great Resignation.

2021 was dubbed the year of the “Great Resignation” – a year when workers quit their jobs at historic rates. This trend was driven by an economic and psychological shift prompted by the pandemic as employers struggled – and often failed – to tempt anxious staff to return to industries that have too often treated workers as dispensable. The reality, however, is more complex.

Quitting, most economists will tell you, is usually an expression of optimism. And yet, 2021’s record resignations happened against a larger economic picture that remains difficult to interpret with confidence. Pandemic-related cash from the government helped people weather the worst of Covid, but much of that cash is now gone. Unemployment rates have fallen sharply from their highs. Alongside this, labour force participation rates – the percentage of people in the workforce or looking for a job – are up, albeit modestly.

How is the Great Resignation impacting cybersecurity?

For businesses, the high rate of churn brought on by the Great Resignation has the potential to cause major operational challenges, impacting everything from strategic development to quality-of-service delivery. In areas where demand for talent was already outpacing supply, like cybersecurity, the implications are significant.

A recent report by the Information Systems Security Association and industry analyst firm Enterprise Strategy Group said the cybersecurity skills crisis “continues on a downward, multi-year trend of bad to worse.” The top ramifications of the skills gap include an increased workload for existing cybersecurity teams, unfilled job openings, and a high burnout rate among staff, according to the researchers. The majority of the organisations (95%) said the security skills shortage and its associated impacts have not improved over the past few years and 44% said it had gotten worse.

At a time when cybersecurity units are already stretched, retaining top cyber talent should be a number one priority for businesses. Lack of expertise will mean risk assessments and mitigation plans are not completed and maintained, resulting in risk programmes that aren’t up to standard.

While systems and network infrastructure can rely on software and automation to profile cyberattacks, an organisational effort is still needed, for example, to patch vulnerabilities, verify access controls, manage back-up systems, review incident response plans and ensure policies, frameworks and training programmes are kept up to date. Operating without a full team may be manageable in the short-term, but beyond that it puts the organisation at risk of human error, leaving it vulnerable to cyberattack.

Mitigating the cyber talent shortage

Businesses may look to mitigate the cyber talent shortage by engaging additional external resources. Any consultancy assignments should include knowledge transfer to build internal capability. All associates or new staff joining must be fully vetted before they’re entrusted with the organisation’s systems.

One of the best strategies for finding and retaining new technology talent is through increased diversity and internal career development. That means broadening the search for people and then offering them opportunities to learn new skills, take part in ongoing training and prioritise personal development.

Businesses can no longer rely on recruiting graduates alone – it’s too limiting and excludes a broad group of talented people. Individuals don’t necessarily have to possess technology skills or have a particular educational background or experience to take on technology roles. They might need to begin at an entry-level and receive training before moving into a technology role full time. Ultimately, we need to recognise the potential in someone with the right “soft” skills.

Diversity can play a significant role in helping to close the talent gap, too. Companies can help to promote the advancement of minorities within their organisations through mentoring and sponsorship programs. But upskilling is a key to career advancement. It’s important for companies to not just hire from under-represented communities, but to be intentional and deliberate about retaining them and creating opportunities for them to advance in their roles.

When it comes to technology talent today, for many organisations the only way to acquire the requisite skills and experience is to poach people from other companies including competitors. But that then leaves the other companies with talent gaps that they will seek to fill in the same way, and the cycle continues. By focusing on bringing in entry-level workers and expanding their capabilities through training and other learning programs, organisations can expand their talent pool and mitigate some of the fallout from the Great Resignation.