The Cybersecurity Skills Gap and How to Solve It

by | Feb 24, 2022

Our digital footprint and online lives are expanding. The future will indeed be made and sustained online. But for every connected device and novel addition to our personal and interconnected networks, vulnerabilities abound. 

These vulnerabilities are being taken advantage of in almost insurmountable numbers. Cybercrime has risen 300% since the advent of COVID-19, and there is seemingly no end to who and where attacks can happen – from oil pipelines to ports, from social media networks to healthcare databases

Both physical and digital infrastructures are increasingly at risk of intrusion, and as we increasingly rely on the digital sphere to work, live, shop, socialize and manage our finances, the onus and responsibility of protecting these spaces fall at the feet of cybersecurity experts. 

The APAC region is no stranger to cyber-vulnerabilities:

  • 19 million ransomware and phishing attacks were noticed in Asia from February to May 2020,
  • APAC healthcare providers (lost) $23m to cyber attacks in 2021.

But the cybersecurity industry is growing at a pace to keep up with demand:

  • The APAC cybersecurity market valued at US$30.45 billion in 2019 is expected to register a CAGR of 18.3% from 2021 to 2026,
  • Cybersecurity roles in Asia-Pacific make up 23.2% of total jobs – up from 16.9% in 2020,
  • The fastest-growing country in the world was India.

Some of the most in-demand cyber security roles are:

  • Network security engineer,
  • Application security engineer,
  • Security engineer,
  • Information security analyst.


Is there a skills gap in cyber security, and if so, why?

The International Systems Security Association (ISSA) noted in a report in July 2021, “The cybersecurity profession remains systemically undervalued”, and pointed to three main features of poor skills training and an unattractive recruitment environment within cybersecurity:

  • Cybersecurity professionals need fair and competitive compensation – “not offering competitive compensation is the top factor (38%) contributing to the organizations’ cyber skills shortage”,
  • Investments in cybersecurity training need to be funded appropriately – “When asked what actions organizations could take to address the cybersecurity skills shortage, the biggest response (39%) was an increase in cybersecurity training so candidates can be properly trained for their roles”,
  • Human resources and cybersecurity teams need to align on business value – “One in four also said job postings at their organizations tend to be unrealistic, demanding too much experience, too many certifications, or too many specific technical skills”.

How can we amend the tech skills shortage in cybersecurity?

PwC released a report into the gulf in expectations between c-suite decision-makers and workers on the ground. Following on from the ISSA report above, and although ostensibly a report about tech use within work, it perfectly illuminates the legacy and generational issues in tech recruitment. 

It’s worth noting the holistic incentives and focuses of the below list. While “tech” in the broadest sense of the term covers a huge range of industries, from SaaS developers to semiconductor manufacture, people are still people – they want to work somewhere where their values are mirrored in corporate policy, where they are paid a fair day’s wage, where they are heard, where they can express themselves, and where they can build a career. 

  • Employees report that they’re willing to spend up to two days per month on training to upgrade their digital skills if offered by their employer—a median response of 15 hours each month,
  • 40 to 45% of employees prefer face-to-face interactions for tasks like performance reviews, getting help with difficult problems, and asking questions of their Human Resources (HR) team,
  • Most people in our survey are motivated by two distinct incentives: improved efficiency, and rewards that improve their status.

And finally, the following fact shows how the important work of tech – and the incredible skill sets of technically proficient workers – is going under-appreciated or ignored, 

  • Only 47% (of respondents) agree that their employer does a good job communicating about the importance of digital skills for the success of the company.

The importance of tech to the wider economy and to a user-base is well known, but what’s ignored is the internal skills development and requirement of good technical knowledge within their own company, to support company and personal growth.

What next for tech skills development?

The demands of our growing tech talent pool continue to put pressure on every employer in the APAC tech industry. The rising requirements of AI and automotive processes; the metaverse; blockchain tech; wearable tech; the advancements keep coming and the demands on tech creators keep rising. 

To address the skills shortage in cybersecurity takes brave leadership, investment in people, commitment to training and reskilling, and due care and attention to creating positive working environments. It’s worth highlighting a Dice report on Six Skills You Need to Succeed in Cybersecurity as a guideline to building the best culture in which to train, attract, and retain cybersecurity talent. Employers should focus on:

  • Solid Work Habits,
  • Soft Skills,
  • Technical Skills,
  • Implementation Skills,
  • Management Skills,
  • Grasping the Big Picture.

How to hire the best cybersecurity professionals.

When your talent pool is small, and demand is high, you need to focus on things you have control of

  • For example; remuneration, incentives, and bonuses; hiring bonuses; commitments to training and development; your culture; and finally, your brand and engaging with a wider network of professionals, recruiters, and experts in the field to augment your leadership in your sector. 

In summary, our advice is the following:

The basics of recruitment really matter – remember to treat your employer’s value proposition as a constantly evolving, flexible promise to your staff, to give them a good job, with good pay, good opportunities to grow, and development as standard. 

The tech field is noisy, and every cybersecurity professional knows they are in high demand. They will also be at work, very busy, and very choosy about their employment – so spreading your employer brand as wide as possible, engaging with recruiters to open up new talent pools in emerging economies and countries, and applying your brand presence consistently will make you stand out. 

In effect, you’ll become a magnet for APAC-based cybersecurity talent seeking new opportunities. 

Connect with Datasearch Consulting

on LinkedIn

Need help in finding tech talents for a Singapore-based company? You can count on Datasearch Consulting to lend you a hand. 

While the talent market has undoubtedly become more competitive for both recruiters and HR professionals, we remain dedicated to connecting our partners with the right tech or IT talent. 

Connect with us at Datasearch Consulting for more information about our recruitment solutions for tech companies and functions.

Dan Branchflower is the Associate Director – Technology at Datasearch Consulting, a leading executive recruitment firm specialising in the Cyber & Cloud Technology sectors.

You can download their FREE comprehensive guide on “The Complete Guide to Hiring Fintech & Data Talent – 5 Proven Steps to Secure the Best Candidates Possible” here Alternatively you can view the Datasearch Consulting website or contact them directly on for a more detailed discussion

Recent Articles

Talk to us

    Share This