As businesses become more digitally connected, their exposure to cyber threats increases. Managing these risks is a complex endeavor due to the rising costs of investment in equipment, software, and cyber talent.
In this report, we focus on the causes and consequences of the increase in cyber skills demand. Our first chapter highlights the factors that have increased companies’ exposure to cyberattacks, as well as the costs associated with this exposure. We highlight two notable trends that have drastically changed the landscape and importance of cybersecurity. First, the impact of geopolitics and the emergence of cyberwarfare. Second, consumers’ rising attention toward the security of their personal data. In the second chapter, we discuss how global and regional labor markets fare in the face of steep competition for cybersecurity talent. Using information extracted from the profiles of the active cyber professional population, we measure the supply of cyber skills and examine the characteristics of cyber professionals. Our spatial analysis focuses on recruitment difficulties across states and cities. In our last chapter, we turn to regulation, business strategy, and governance. We discuss the importance of compliance and how failure to comply with regulation can substantially increase the cost of a cyberattack.
We evaluate the costs and benefits of strict regulatory measures and explore alternative measures. We argue that cybersecurity is a public good and that firms should implement a resilient cybersecurity defense as their social responsibility.
- Cyberattack costs have started to bite: Apart from the direct costs, supply chain disruptions and reputational damage can be substantial.
- Cyberattack exposure risks and material costs have increased significantly in the healthcare industry.
- Geopolitical risks and the emergence of cyberwarfare have reached new levels, disrupting production networks and causing cross-border economic damage.
- Consumer attention toward privacy and personal data has peaked, magnifying the impact of reputational damage for firms impacted by security breaches.
- Asia is now the second largest market for cyber skills, surpassing Europe.
- Cyber skill demand rose significantly for many managerial positions. One-tenth of cyber job postings also require data privacy knowledge.
- The cyber workforce is relatively young — half of all cyber professionals have less than six years of experience.
- Excluding North America, cyber job openings take longer than other information technology (IT) positions to fill.
- Stringent data breach regulations, which emerged globally through a mix of better enforcement and heftier fines, make non-compliance a non-option.
- Data breach regulation can induce firms to increase investment in cyber skills, but it slows down business creation and increases exit rates.
The Cyber Problem
Cyberattacks are increasing — in number, complexity, and cost — driven by geopolitics and cyber warfare. By sector, there has been a distinct surge in cyber risk in the healthcare industry and cybersecurity is increasingly becoming a concern for firms globally.
Rise of Demand for Cyber Skills
Because businesses are increasing their digital footprints at the same time cyberattacks are increasing, the need for a workforce with digital skills is growing — both regionally and by industry.
Supply of Cyber Skills Not Meeting Demand
in the U.S., job listing data indicate there is rising demand for workers with cyber skills. In 2021, the aveage U.S. state saw 2.6 cyber job postings per cyber professional. In addition, compared to IT prefessionals, the age of the cyber-related workforce is relatively younger and job postings for cyber jobs are open for longer.
Addressing the Market Failure in the Provision of Cybersecurity
Exposure to cyberattacks depends on a firms' own cyber resilience as well as that of its partners and suppliers. The optimal provision of this public good can be addressed by government intervention via regulations, or by encouraging firms to integrate cybersecurity as part of the corporate social responsilbilty agenday. Demand for cyber skills rapidly increase in industries highly exposed to enforcement.