By Syam Madanapalli, Member of the Cybersecurity Working Group, IET Future Tech Panel
Delivering effective cybersecurity requires a unique blend of technical skills, knowledge, experience, and a keen ability to analyze data, communicate effectively, pay attention to detail, and constantly adapt to evolving threats and technologies.
In recent years, India has witnessed a surge in institutions offering cybersecurity certifications. According to recent reports, there are now more than 400 institutions nationwide providing diverse cybersecurity certification programs. Despite this growth, however, India continues to face a critical shortage of skilled cybersecurity professionals. A report by (ISC)² also indicates that by 2025, the demand for cybersecurity professionals in India is projected to reach one million, while the current supply stands at a mere 80,000. This glaring gap between supply and demand underscores the urgent need to bolster the number of qualified cybersecurity experts in the country.
Why is there a shortage of qualified cybersecurity professionals in India?
Several factors contribute to the shortage of qualified cybersecurity professionals in India. Here are some of the key reasons:
1. Rapidly evolving technology: The rapidly evolving technology landscape and new cybersecurity threats require constant upskilling and reskilling of cybersecurity professionals. We also need up-to-date equipment and labs for operational technology. However, we have underinvested and cannot compensate and retain talent in a globally competitive world, leading to a shortage of qualified cybersecurity professionals
2. Talent migration: Many skilled cybersecurity professionals in India migrate to other countries for better career opportunities and salaries. Even while in India, many are engaged in providing services to foreign companies. So Indian organisations need to compete in a far more open environment.
3. Low salaries: The liability costs or litigation on data and privacy loss of users and customers in India are relatively low in India. This allows a complacent approach to cybersecurity and talent recruitment and retention.
Organisations can maintain a healthy attrition rate in the cybersecurity domain by offering competitive salaries and benefits, providing growth opportunities, creating a positive work culture, recognizing and rewarding performance, and encouraging work-life balance.
Here are some strategies that organisations can adopt to maintain a healthy attrition rate in the cybersecurity domain:
1. Consolidate the skills that are required and outsource some of them. It may be challenging to have all types of roles fully staffed. Using third-party organisations to set up and monitor may be easier like most enterprises use a managed safety network.
2. A proactive approach, culture, and economics with a willingness to invest in cybersecurity. Quite often, such a system’s installation cost is high. A shared mechanism is ideal where there is a service provider or a government facility that subsidizes such skills and services is essential.
3. Offer competitive salaries and benefits: One of the most important factors influencing attrition rates is the compensation offered by the organisation. To retain skilled cybersecurity professionals, organisations must offer competitive salaries and benefits that match or exceed industry standards.
4. Provide growth opportunities: Cybersecurity professionals are often motivated by opportunities to learn and grow. Organisations should provide their employees with opportunities for professional development, such as training, certifications, and mentoring programs, to encourage them to stay with the organisation.
Moreover, with the rapid growth and development of the cybersecurity industry, the sector is in dire need of professionals who are adept in the following skillsets:
1. Network and asset security: Professionals with solid knowledge of network security are in high demand, as securing networks is critical to protecting organisations from cyber threats. Implementing zero-trust security is an essential skill in protecting critical infrastructure.
2. Cloud security: With more organisations moving their data to the cloud, professionals with expertise in cloud security are increasingly in demand. All hyper scalers have developed and evolved their security tools and mechanism, providing cybersecurity courses and training.
3. Threat analysis and vulnerability management: Professionals who can analyze threats and vulnerabilities and develop strategies to mitigate them are highly sought after in cybersecurity. The ability to gather, analyze, and respond to threat intelligence is a crucial skill for cybersecurity professionals. This includes knowledge of threat actors, attack methods, and indicators of compromise (IOCs). Managing vulnerabilities (the process of identifying, evaluating, prioritizing, and addressing vulnerabilities) is an essential skill to reduce cyber attacks and minimize an organisation’s risks.
4. Security automation, orchestration, and Incident response: With the increasing complexity of cybersecurity threats, professionals who can automate and orchestrate security operations are in high demand. In addition, incident response is a must-have skill as they can help organisations respond quickly and effectively to cyberattacks. Extended Detection and Response (XDR) is a new skill that many organisations are looking for. XDR combines multiple security products and tools into a unified platform to improve threat detection and response capabilities.