The number of cyberattacks continues to rise as we spend more time online and assets are moved to the digital universe. In fact, the average number of cybersecurity attacks per company per year rose 31%, to 270 attacks, according to a 2021 report from Accenture. In reaction to the growing number of cyberattacks, companies are spending more money to protect their digital assets.
The global cybersecurity market is projected grow to a $2 trillion addressable market, which is 10 to 15 times the amount of current spending, according to a new survey conducted by McKinsey & Co. This steep market projection puts pressure on companies to invest in the right cybersecurity talent.
“The biggest challenge that our market faces is that threat actors are working around the clock to find new ways to exploit and attack their victims. There are no days off. There are no hours off,” Nick Schneider, CEO of cybersecurity firm Arctic Wolf, tells Fortune. “In many ways, the bar of innovation in cybersecurity is set from the outside, as our industry races to stay one step ahead of threat actors, creating an ever-present challenge for the cyber teams protecting businesses of all sizes.”
The challenge of combating a growing number of cyberattacks may seem unattainable, but the solution is finding and retaining top cybersecurity talent.
Yet, there’s already a massive talent gap in the cybersecurity industry. In the U.S. alone, there are more than 700,000 unfilled cybersecurity jobs, data from Cybersecurity Ventures shows. While the global cybersecurity workforce has reached an all-time high with an estimated 4.7 million professionals, there’s still an overall shortage of 3.4 million workers, according to the 2022 (ISC)2 Cybersecurity Workforce Study.
Fighting this talent gap is no small feat, but there are tactics both cybersecurity applicants and recruiters can take to curb the growing number of cyberattacks. Cybersecurity experts agree that companies need to be more lenient with their candidate expectations and invest in leadership at the very top.
Companies big and small also need to hire and compensate someone who is fluent in cybersecurity at the executive board level, Peter Trinh, a cybersecurity architect at TBI Inc., tells Fortune. “Whether you’re hiring a cybersecurity team in-house or partnering with a third party, cybersecurity is expensive, but increasingly necessary to ensure organizational health.”
With so many open cybersecurity jobs, the common conclusions are that there either aren’t enough qualified people to fill the positions or that companies aren’t offering the right compensation packages. While both of these ideas are partially true, cybersecurity experts also argue that the market could stand to have improved recruitment measures and be more open to hiring people with varied professional experience.
“Companies need to understand that exceptional candidates are out there, but we need to be flexible with the job requirements we set,” Schneider says. “Businesses aren’t looking at nontraditional candidates enough—folks that don’t have a college degree, neurodiverse candidates, veterans, etc. Whether your background is in construction, health care, or even food services, I promise that there is room for you in cyber.”
Learning the tricks of the trade takes time, however. Companies are increasingly offering upskilling opportunities for employees who are interested in making a career switch. Other ways to enter the cybersecurity field include earning a master’s degree, taking certifications, or even start taking a few free classes at a time.
Because cybersecurity professionals are learning in a variety of ways, companies should pursue a variety of avenues for recruitment, Schneider suggests.
“Too often, companies spend massive amounts of money recruiting in a stereotypical talent hub like the Silicon Valley and end up competing in an overinflated market,” he says. “Businesses should take stock of the universities that are investing in cyber programs and degrees and make inroads into their internship and professional development programs.”
No matter how professionals enter the industry, they can expect a good payday. The current median salary for cybersecurity professionals in the U.S. is $135,000, the (ISC)2 study shows. Also, nearly 30% of cybersecurity professionals enter the industry for the potential of high salaries and strong compensation packages.
“The race for cybersecurity talent has been underway for several years and the shortages of skilled employees is difficult to overcome,” Trinh says. “Security specialists are very fluid in their employment choices as compensation, titles, responsibilities, and job pressures all play into the career choices made by these individuals.”
As the talent gap continues to widen, however, so will the need for companies to pursue more automated avenues of protection against cyberattacks, says Sumedh Thakar, CEO of cybersecurity company Qualys, which Fortune has recognized as one of the 100 Fastest-Growing Companies.
“Shortage of talent in anything always drives toward wage expansion, which in this case, also increases the cost for enterprises to secure themselves,” he tells Fortune. But even as companies become more willing to pay higher wages to cybersecurity professionals, it is still incredibly difficult for them to find qualified experts.”
And for the hires that companies have already made, cybersecurity experts make one thing clear: cybercriminals are motivated to work faster than their victims, which means that cybersecurity professionals need to work to stay one step ahead of bad actors.
“As the number of vulnerabilities continues to explode, the amount of time it takes for attackers to weaponize and exploit these vulnerabilities continues to contract,” Thakar adds. “Essentially, cybersecurity is a challenge of speed. Can the attackers get to your weak points faster than you can?”
See how the schools you’re considering fared in Fortune’s rankings of the best master’s degree programs in data science (in-person and online), nursing, computer science, cybersecurity, psychology, public health, and business analytics, as well as the best doctorate in education programs and MBA programs (part-time, executive, full-time, and online).