The IT skills gap isn't as bad as you think -- it's worse, much worse. Especially in the area of cybersecurity, that skills gap is a major threat to your business.
The skills gap all IT organizations struggle with can be summed up in three words: "not enough people," according to author and Wall Street Journal columnist Gary J. Beach (Beach is also publisher emeritus of CIO magazine and CIO.com). But when the skills gap is viewed through the lens of cybersecurity, it becomes much more than an HR struggle to put bodies in seats -- it can be dangerous and costly.
CIOs must take advantage of their unique position in the C-suite to drive increased emphasis on security spending, hiring quality talent and furthering education and training for that talent, or risk catastrophe.
Security is a sound investment
The paradox inherent in enterprise security is that if you're doing it right, no one can tell, says Mark Weinstein, founder of social media platform Sgrouples, CEO of MeWe.com and a cybersecurity and privacy expert. According to Weinstein, CIOs must be vigilant about explaining the real risks and threats, and be willing to drive the investments necessary to mitigate them.
"One of the major issues here is that if you're doing security right, you're not necessarily going to see the results. You're not going to get the huge breaches, you're not going to get the highly publicized failures, which you'd assume is a great thing, but that can lead to complacency -- and an unwillingness to invest in skilled talent, preventative technology and education and training to keep organizations secure. So it's all about being able to understand threats, how they're evolving and why, and be proactive about heading them off before they occur," says Weinstein.
That proactive approach must also extend to communicating effectively about the nature of potential and emerging threats and continuing to make security a priority across the entire organization, says Elaine Varelas, Managing Partner of Keystone Associates. That includes realistic assessments of the costs and benefits of a sound security strategy.
"Organizations tend to reward people who save them the most money, but especially in the area of security, they don't always understand at what cost that's being done," Varelas says. Organizations that are security conscious enough to have a chief security officer are often more proactive about security issues, but for those that aren't, the burden often lands on the shoulders of the CIO.
"If you're trying to squeeze out a few extra bucks by hiring cheaper talent, slashing software budgets or eliminating training and education, well, in the short-term you might be rewarded. But someone must be asking the question, loudly, 'Does this increase our risk?' At the highest executive level, some CEOs will say, 'Well, that's not my issue, I hired a CIO for that,' but the constant vigilance about security, risk and threats has to be spread across the entire organization, not just on the shoulders of one exec," says Varelas. CIOs must be confident enough to maintain, with the help of the CFO, the financial balancing act of risk-versus-reward so everyone understands how to make the best, most secure decisions.