Crosscutting Issue #1: Build the cybersecurity workforce required to turn ambitions into actions by assessing and expanding effective models for addressing workforce challenges including limited pipelines and a lack of diversity.
Cybersecurity Workforce in the Private Sector
Problem Statement: The Cybersecurity Talent Shortage
Although exact numbers vary, experts agree that a significant gap exists between supply and demand in the cybersecurity workforce across sectors. A 2019 projection by the International Information System Security Certification Consortium stated that the cybersecurity workforce needs to grow by 145 percent to meet global demand and that the current shortfall amounts to approximately 4 million individuals.1 “Both banks and financial market infrastructures [in Europe] are struggling to find staff with the skills and experience needed to fend off cyber-attacks,”2 a member of the ECB’s Executive Board noted in 2019.
The financial sector has always been one of the largest employers of cybersecurity talent. One reason for the high demand is that cyber criminals have been targeting financial institutions since the early days of the internet. Yet the financial sector’s demand for cybersecurity talent has been growing in recent years. One reason is higher expectations from financial regulators, especially following the 2016 Bangladesh incident. A year later, in 2017, eighteen of the FSB’s twenty-five member jurisdictions reported plans to release new rules addressing cybersecurity in the financial sector.3 This rapid worldwide increase in cybersecurity regulatory activity is illustrated by a recent survey among financial CISOs who said that close to 40 percent of their time was spent “reconciling cybersecurity and regulatory frameworks.”4 Other factors include the general evolution of the cyber threat landscape and growing awareness among senior executives of cybersecurity’s importance.5