Could technology help bridge the cyber security skills gap?

In a recent industry report on cyber security,[1] two figures stand out among the key findings.

First: $4.88 million. That’s the estimated average total cost of a data breach today, up 10% on last year and the highest since the pandemic. The rise was driven by the greater cost of lost business, a higher average cost of responding to a breach, and a rise in regulatory fines.

Second: 26.2%. This is the growth in the cyber skills shortage compared with the previous year. More than half of organisation polled by IBM* in the research said they are facing ‘high’ levels of security staffing shortages.

The ongoing rise in the costs of cyber attacks helps explain robust growth forecasts for the cyber security market, with one estimate forecasting a compound annual growth rate of 12.3% per annum between 2023 and 2030.[2]

Amid growing concerns over the skills gap, technological advances promise to revolutionise how cyber security professionals protect the digital world. For investors, the creators of these technologies could be an interesting area given the vast – and constantly growing – addressable market.

An increasingly complex threat landscape

The UK’s Department for Science, Innovation and Technology (DSIT) produces an annual report helping to shed light on the cyber skills gap. Its latest report[3] finds that, among organisations that don’t outsource cyber security, almost half say they are not confident they would be able to deal with a cyber attack. This marks a stark rise from 2020, when only 27% said they felt unable to deal with an attack.

This loss of confidence might not come as a surprise given the increasing complexity of the cyber security landscape. Attackers are increasingly able to target and exploit vulnerabilities – so-called zero-day exploits. Google’s Threat Analysis Group and Mandiant found there was a 50% rise in zero-day vulnerabilities exploited in 2023 compared with 2022.[4]

As well as traditional cyber attacks, sophisticated, coordinated attacks are making life harder for defenders. Ransomware is increasingly being displaced by data extortion,[5] while fears are rising that artificial intelligence (AI) could be weaponised by attackers.

Supply-side workforce pressures are also contributing to the shortage of cyber experts. The DSIT’s research found a lack of diversity within the profession remains an ongoing problem, as well as a lack of entry-level positions and apprenticeship routes into the industry.

World Economic Forum (WEF) research[6] also cites a lack of distinct career paths, outdated training and costly certifications as key factors in the skills gap, which it estimates at 4 million cyber security professionals globally.

Bridging the gap

Both the DSIT and WEF point to increasing the diversity of the cyber security workforce as an important first step in overcoming the skills gap – the lack of women and ethnic minorities in cyber security degrees unsurprisingly tallies with a lack of these groups in the workplace.

They also agree that creating more entry-level roles and creating programmes to upskill existing staff could help boost numbers.

Encouragingly, there are signs that businesses are looking beyond traditional four-year degrees to find qualified cyber security staff,[7] with tech ‘hyperscalers’ offering free training and certifications in exchange for use of their platforms.

How technology is changing cyber security

While there’s no doubt that more human cyber experts are needed, technological advances hold the promise of a step change in their productivity, providing hope that the tide could be turned in the fight against cyber crime.

Although AI could accelerate the existing trend of all aspects of cyber crime becoming available to non-specialists, it is equally being used to help defend organisations.

AI may also help reduce stress levels within the industry by automating routine tasks such as log analysis, threat correlation and vulnerability scanning, allowing cyber professionals to spend more time on higher value-add work.

With the global cost of cyber crime estimated to rise from $9.22 trillion in 2024 to $13.82 trillion by 2028[8], it’s clear the security industry has every incentive to seize the advantage in the race to innovate. For investors, these innovators could drive a new wave of growth in the cyber security industry.

 

*For illustrative purposes only. Reference to a particular security is on a historic basis and does not mean that the security is currently held or will be held within an LGIM portfolio. The above information does not constitute a recommendation to buy or sell any security.

 

[1] Source: https://www.ibm.com/reports/data-breach

[2] Source: Cyber Security Market Size, Share & Trends Report, 2030 (grandviewresearch.com)

[3] Source: Cyber security skills in the UK labour market 2024 - GOV.UK (www.gov.uk)

[4] Source: https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf

[5] Source: Sharing is Caring: Ransomware and Extortion Actors Increase Threat Levels through Cooperation • KELA Cyber Threat Intelligence

[6] Source: Bridging the Cyber Skills Gap - Why is there a cybersecurity talent shortage? World Economic Forum Centre for Cybersecurity (weforum.org)

[7] Source: To fill cybersecurity skills gaps, experts look to novel measures | Cybersecurity Dive

[8] Source: Chart: Cybercrime Expected To Skyrocket in Coming Years | Statista