A new report by Capgemini’s Digital Transformation Institute highlights an urgent and growing cybersecurity talent gap, calling for new recruitment and retention strategies to help organizations contain cyber risks and build competitive advantage. The report, Cybersecurity Talent: The Big Gap in Cyber Protection, demonstrates that of all the digital skills necessary for organizations with aspirations of digital leadership, cybersecurity represents the biggest gap between demand for those skills and internal supply.
The report surveyed more than 1,200 senior executives and front-line employees and analyzed social media sentiment of more than 8,000 cybersecurity employees. Sixty-eight percent of organizations reported high demand for cybersecurity skills compared to 61 percent demanding innovation skills and 64 percent analytics skills. Demand for these skills was then set against the availability of proficient skills already present in the organization. This identified a 25 percentage point gap for cybersecurity skills (with 43 percent availability of proficient skills already present in the organization), compared to a 13 percentage point gap for analytics (51 percent already present) and a 21 percentage point gap for innovation (40 percent already present).
“The cybersecurity skills gap has a very real effect on organizations in every sector,” said Mike Turner, Chief Operating Officer of Capgemini’s Cybersecurity Global Service Line.“Spending months rather than weeks looking for suitable candidates is not only inefficient, it also leaves organizations dangerously exposed to rising incidents of cybercrime. Business leaders must urgently rethink how they recruit and retain talent, particularly if they wish to maximize the benefits from investment in digital transformation.”
The demand for precious cybersecurity talent is projected to grow over the next 2-3 years with 72 percent of respondents predicting high demand for cybersecurity in 2020, compared to 68 percent today. Set against increasing incidents of cyberattacks and the need for organizations to not only protect themselves but also maximize competitive advantage from digitization, the report recommends a series of tactical priorities for business leaders.
Priority 1 – integrate security
The first priority for companies is to assess how well security is integrated across the organization. What is the culture of cybersecurity outside the team with direct responsibility for keeping data protected? How security-savvy are app developers and network managers?
“It’s important to make the organization as a whole better at cybersecurity, aligning the enterprise with principles and processes that are secure from the ground up,” explains Turner. “Get the basics right, in terms of application development. Develop secure code. Make your network engineers and cloud architects better at securing the cloud. That’s a good way to fight the skills gap, because it teaches the organization to be secure by design.”
Priority 2 – maximize existing skillsets
“Another priority is to look at the, as yet, unrecognized cybersecurity skills that lie within,”said Turner. “Half of all employees are already investing their own resources to develop digital skills, showing an appetite to upskill. Organizations that struggle to recruit externally may be able to uncover candidates with adaptable skillsets who can be trained. Those functions with complementary and transferable skills include network operations, database administration and application development.”
In addition, companies should look at the requirement to embed security into every service and application, and hire business communicators to complement the technical skills in their team. Business analysts and technical marketers could be transferred to cybersecurity roles to enable the company-wide adoption of best practices.
Priority 3 – think outside the box
A third priority is for organizations to think beyond the normal recruitment strategies and understand the root skills of cybersecurity. Look at traits and skills present in completely different job roles and interview candidates the organization might not usually consider. Those currently in math roles for example, are often highly skilled at pattern recognition.
“Thinking outside the box is about understanding the transferable skills,” adds Turner. “For example, people on the autism spectrum are fantastic at pattern spotting and are often blessed with numerical and problem-solving skills, attention to detail and a methodical approach to work – all useful traits for cybersecurity best practice.”
Priority 4 – strengthen retention
The final report recommendation looks at retention of talent. In a highly competitive recruitment market, organizations must also look at engagement of existing employees to ensure talent gaps don’t worsen.
The report reveals that cybersecurity employees value organizations that offer flexible working arrangements, encourage training, and prioritize clear and accessible career progression. Within the new report, a difficult work-life balance was discussed as one of the five worst aspects of the job by cybersecurity professionals on social media and a main reason why they leave or remain dissatisfied with their company.
The clear majority (81 percent) of cybersecurity talent agreed with the statement: “I prefer joining organizations where I have a clear career development path” compared to 62 percent of all respondents in our survey. The number is even higher (84 percent) for Gen Y and Gen Z employees, who highlighted a lack of career progression as their number one concern. Managing these softer but equally important retention issues is a key requirement for building a viable and sustainable cybersecurity offering.
Research Methodology
Capgemini Digital Transformation Institute surveyed 753 employees and 501 executives at the director level or above, at large companies with reported revenue of more than $500 million for FY 2016 and more than 1,000 employees. The survey took place from June to July 2017, and covered nine countries – France, Germany, India, Italy, the Netherlands, Spain, Sweden, the United Kingdom and the United States and seven industries – Automotive, Banking, Consumer Products, Insurance, Retail, Telecom and Utilities.
Capgemini also conducted interviews with recruiters from global firms, cybersecurity associations and academics to understand best practices to mitigate the cybersecurity talent gap. Lastly, Capgemini analyzed the sentiments of around 8,400 current and former employees at 53 cybersecurity firms with at least 100 employees on social media. Selected firms operate primarily in the cybersecurity space covering (but not limited to) data security, cloud security, mobile security, enterprise security, email security, and application security.
A copy of the report can be downloaded here
Capgemini Report Probes How Legacy IT Can Keep Pace With The Cloud
Posted in Commentary with tags Capgemini on May 6, 2018 by itnerdCompanies using cloud technologies to automate their legacy applications and IT operations[2] processes are gaining a significant competitive advantage over those behind the curve: among Fast Movers, 75% have seen an increase in revenue and profitability while 80% of firms say their organization’s agility has improved. This is according to a new report from Capgemini and Sogeti which launched today. “The automation advantage: Making legacy IT keep pace with the cloud,” surveyed 415 IT executives at organizations with large legacy[3]estates across eight countries, to explore the benefits of applying cloud automation[4] to their IT operations processes.
Cloud automation bolsters business innovation
The use of cloud technologies to automate legacy applications and IT operations is resulting in business benefits beyond the bottom-line of revenue and profitability. Fast Movers deploy code twice as often as the followers. An even more select 5% of Fast Movers deploy code continuously. Capgemini’s 2017 research report, Cloud native comes of age, showed the proportion of new enterprise applications that are cloud native will more than double by 2020 in a bid to improve agility. However, today’s report goes further, highlighting that cloud automation is driving acceleration and agility.
Furthermore, fast moving firms see cloud automation as more than a cost-cutting or efficiency exercise; 75% of Fast Movers have attempted to use cloud automation to innovate their business models. Over eight in ten firms report that their customer experience has benefitted as a result.
Surviving the skills shortage
With 70% of executives identifying an absence of skills as a major challenge, companies need to be able to deploy the talent they have on the tasks with the highest business value. Using cloud technologies to automate legacy applications and IT operations is facilitating this, giving time back to highly skilled engineers to work on projects which boost the bottom line: 59% of fast moving firms have re-deployed engineers onto higher-value activities such as new development. Eliminating monotonous tasks has been a priority for Fast Movers, with 73% of application testing processes in these organizations now automated, nearly four times that of Followers. With this new-found flexibility, firms are starting to upgrade the skills of their existing staff in line with their DevOps strategies – benefitting management practices.
Cloud automation challenges
Despite clear bottom-line benefits, firms are holding back from using cloud technologies to automate legacy IT operations due to reservations over cybersecurity. Security (27%) and data privacy (19%) concerns are cited by firms as the toughest obstacles in the move to automation of IT operations processes, a trend seen across both Fast Movers and Followers. With GDPR coming into force on 25 May this issue has come into focus, with IT leaders now facing considerable pressure from CEOs and boards to ensure that technology initiatives do not create new data breach risks. However, with cloud providers being increasingly diligent and utilizing security as code processes, the move to automation can mean tighter security, not less.
Overcoming obstacles
To catch up with the Fast Movers included in the research, Followers have work to do if they are to remain competitive. The report sets out practical steps for Followers who are looking to embrace cloud automation and enterprise DevOps, including defining the automation strategy to meet business objectives and building the governance model, processes and culture for DevOps.
For more information on today’s news, or to download a copy of the report, click here.
Research Methodology
The analysis in this report is based on an online survey of 415 IT executives, conducted in October 2017 by Capgemini, Sogeti and Longitude.
Just over one-third of the respondents (34%) hold C-suite positions, and 66% are management-level IT employees. All respondents work in organizations earning $500m or more in annual revenue, and mainly in the financial services, consumer products, retail and distribution (CPRD), and power and utilities sectors.
Eight countries are represented in the survey sample: Australia, France, Germany, India, the Netherlands, Singapore, the UK and the US, with 40% of the respondents from the US, 40% from Europe, and 20% from Asia-Pacific.
To complement the survey, in-depth interviews were conducted with executives at influential First Movers: Securitas, Husqvarna, HashiCorp, Cisco IT Infrastructure Group, Octo Telematics, Poste Italiane, CA-SILCA and Danieli.
[1] “Fast Movers” are the 20% of those surveyed who are the most advanced in applying automation. “Followers” are those at earlier stages of automation maturity.
[2] The term “IT Operations” denotes infrastructure provisioning, configuration management, application testing, and application release.
[3] For the purposes of this study, the term “legacy” denotes applications and application infrastructure that organizations maintain on premise, and not in the cloud.
[4] Cloud automation is delivered using cloud-based tools, but applies to legacy and cloud-native applications, and can be executed in any cloud environment.
Leave a comment »