No prizes for guessing why, but the long-term implications for India and the world may require a global rethink.
When it comes to cybersecurity, two-thirds of Indian organizations in a study had believed they were proactive, which is the highest percentage of any country.
Despite that, 60% of respondents had confirmed that their organizations were struggling to recruit people with cybersecurity skills whereas 27% believed that the number of external security partners their company used will increase significantly in the next one year.
A study by the Information Systems Security Association had found that the most significant factors behind data breaches are the lack of proper training of non-technical employees and the lack of highly skilled cybersecurity professionals.
According to Siddharth Gandhi, COO (Asia Pacific), 1Kosmos: “Over the last 18 months, several corporates have realized where they stand in terms of cybersecurity. From an operations standpoint, there are three components: people, processes, and tools to bring in scale, efficiency and automation. However, if you don’t have the right skills, the other two aspects will suffer badly. Today, the shortage of right skills availability is creating a gap and challenge for not just corporates but for consulting and cybersecurity service providers who cannot find enough skills to serve customers.”
Filling the cyber skills gap
So how big is this skills shortage in the country?
The Cybersecurity Workforce Study by the ISC has estimated the gap to be around four million, aggravated by the pandemic.
A report by Michael Page India put this at 43% shortage with skills such as application development security, cloud security risk management, threat intelligence, data privacy and security rank high in priority in the Asia Pacific region (APAC). It further stated that due to the sudden rise of cybercrime amid the pandemic, 95% of businesses in APAC do not have adequate cybersecurity, making them vulnerable to frequent attacks.
Yet another report from the Information Systems Security Association revealed that nearly 57% of respondents had been impacted by the global cybersecurity skills shortage, while 62% had said that the skills shortage increased the workload on existing staff. Some 38% had indicated that the new security vacancies were left unfilled for weeks or months. A third felt that the skills shortage had led to employee burnout and attrition. Finally, 76% of security professionals polled said it was either “extremely” or “somewhat difficult” to recruit cybersecurity professionals.
According to Siddharth: “The way to address this shortage is to bring in people. As a country, we have always focused on being the IT export house for the world. But we have not focused much on the value-added capabilities around cybersecurity. Cybersecurity is a mindset and you have to have processes and control. You need to create education and awareness which is possible only with people.”
So how long will it take to fill in the gap? According to Siddharth, it will take over a year-and-a-half as corporates have just started going to campus, onboarding them and training them around full cybersecurity framework and knowledge.
“Recently even RBI came out with the requirement of banking, financial and insurance sectors around how the OTP and security measures are managed, to ensure the security of customers,” said Siddharth. Such moves will also drive corporates to address the security concerns.
Grooming the next generation
Industry and academia have been working together for a while to address this cyber skills shortage. According to Dr Anbuthambi B, President, ICT Academy: “Nowadays more interactions happen between industry and higher education institutions, to maintain industry-relevant skills of teachers and students. Organizations like ICT Academy enable the collaborations between academia and corporate to bridge the skills gap. The industry itself extends their support to the academia in terms of tools, software and access to the training.”
Yet, the question that remains is: do we have the required skills to prepare the next generation of cyber industry experts?
Dr Anbuthambi said: “Yes, we do. ICT Academy, like many others, provides cybersecurity awareness and cybersecurity training to graduating students in partnership with leading industry players. Also, the students and teachers have good understanding of the career opportunities in the field of cybersecurity. This creates a passion in the next generation to pursue careers in cybersecurity.”