Future-proof your security team

Wanted: 3.5 million people for 2021 cybersecurity jobs

More than half (51%) of executives in our Global DTI 2021 survey say they plan to add full-time cybersecurity personnel over the next year. More than one-fifth (22%) will increase their staffing by 5% or more.

Top roles they want to fill: cloud solutions (43%), security intelligence (40%), and data analysis (37%). Cloud security and security analysis are among the skills that a joint ESG and ISSA survey cited as being in shortest supply.

Hiring managers face tough competition in the cyber labor market. The most recent studies indicate that, in the US alone, 50% fewer candidates are available than are needed in the cyber field. Globally, some 3.5 million cybersecurity jobs are expected to go unfilled in 2021.


More than half of businesses are expanding their cybersecurity teams


Source: PwC, Global Digital Trust Insights Survey 2021, October 2020: base 3,249
Q: How is headcount for your cybersecurity team changing in the next 12 months?

Hire for 21st-century skills: digital, business, and social skills

In their new hires, more than 40% of executives are looking for analytical skills (47%), communication skills (43%), critical thinking (42%) and creativity (42%). Shaping the future of cybersecurity — one that is in step with the business — means hiring the people who are ready to work collaboratively with others to tackle new, as-yet-undiscovered problems and analyze information.

These in-demand qualities correspond with the expanded role of the CISO as not merely a tech leader, but one who works with colleagues in the C-Suite and the business side to add value overall.

“Works well with others” is an increasingly important trait for advancement in cyber. CISOs used to look for the person who knew the most about how to configure a firewall or identity and access management, for example. Not anymore. They’ve realized that those skills could be taught a whole lot easier than executive skills. Good communications, good analytical thinking, and the ability to step outside the process and imagine new and better ways to do it — those soft skills are harder to teach. 

To attract this new breed of cybersecurity professionals, organizations find the following to be most effective: flexibility, compensation, and training and “cutting-edge projects, technology, and work environment.” Tuition support ranks high with employees in the technology, media, and telecommunications industry, as well.


New hires need to have digital skills, business acumen, and social skills


Digital building blocks

Cloud solutions
%
Security intelligence
%
Data analysis
%
Data management
%
Specific technology specialties (e.g. AI, IoT, blockchain, etc.)
%
Networks (e.g. configuration, protocols)
%
Financial and risk analysis
%
Software development and QA
%
Computer programming
%
Privacy specialties (e.g. privacy engineering)
%
Systems (e.g. engineering)
%

Business enablers

Analytical skills
%
Project management
%
Communicating data
%
Digital design
%
Business process acumen
%

Social skills

Communication
%
Creativity
%
Critical thinking
%
Collaboration
%
Adaptability
%
Emotional intelligence
%
Persuasion
%

Source: PwC, Global Digital Trust Insights Survey 2021, October 2020: base 3,249
Q: Which of the following skills are you looking for in your new hires in the next 12 months?

Hire from within: upskilling 2.0

Enterprises feeling the pinch of the cybersecurity skills gap may find much talent in their own backyards. Organizations are hiring from within, offering upskilling to increase current employees’ skills in the same key areas they’re hiring for: digital skills, business acumen, and social skills.

Organizations should challenge long-held beliefs about training, and design their programs to be people-powered, business-led, and results-oriented. This approach, which we call upskilling 2.0, uses techniques such as gamification to increase participation, improves effectiveness and recall by having students apply their newfound knowledge to challenges they face on the job, and rewards progress toward tangible business outcomes.

Executives set a good example: almost three-quarters (72%) of technology/security executives report spending three or more hours per week on work-related learning, and more than one-third (36%) devote more than seven hours per week to learning. Taking courses toward certification and taking online classes are top ways that executives say they keep pace with fast-evolving developments in tech and cyber, after networking with peers nationally.


Keeping up with technologies requires significant personal investment in learning


Tech/Security respondents
Business respondents

More than 10 hours per week
%
%
7-10 hours per week
%
%
3-6 hours per week
%
%
1-2 hours per week
%
%
A few hours per month
%
%
A few hours per quarter
%
%
A few hours per year
%
%
Don't know
%
%

Source: PwC, Global Digital Trust Insights Survey 2021, October 2020: base 3,249
Q: How much time do you personally devote to learning new things in the technology field that improve the way you do your job? Tech/ Security Respondents Only Base: 1623
Q: How much time do you personally devote to learning new things in the technology field that improve the way you do your job? Business Respondents Only Base: 1626

Access talent through managed services models

Other organizations may not have the resources to compete for cyber talent in this tough market. In such cases, using a reputable managed security services model can help provide companies with a diverse, readily available, highly skilled workforce. The best managed services providers continually invest in hiring, credentialing, and upskilling. They may also have apprenticeship programs that provide their staff with a range of experiences in different industries.

Managed services platforms — networks, the cloud, data, analytical tools, visualization, machine learning — are constantly evolving. By moving to a managed services model, an organization can avoid not only technology investment costs but also the risks that legacy technology poses, including the need for constant upgrades.

An overwhelming majority — nearly 90 percent — of executives use or plan to use managed services. Eighteen percent say they’re already realizing benefits from managed services, while 49% are starting to use them, and 18% plan to do so in the next two years.

Contact us

Sean Joyce

Sean Joyce

Global Cybersecurity & Privacy Leader, PwC US; Cyber, Risk & Regulatory Leader, PwC US

Follow PwC Mauritius