Policy Interventions and the Cyber Security Skills Shortage

Today, the already demanding task of companies to protect themselves against cyber threats is exacerbated by the phenomenon of the cyber security skill shortage, namely the lack of professionals with the knowledge and skills to perform a cyber security job. Companies would like to hire professionals in the cyber security sector but they are struggling to find them due to lack of skills. According to the International Information System Security Certification Consortium (ISC(2)), today there is a global shortage of 2.93 million professionals(1). The UK government refers to the shortage as “a national vulnerability that must be resolved.” To address this issue, “it will invest in programs to address the shortage of cyber security skills in the UK, from schools to universities and across the workforce.” GCSEC funded and supported a research project conducted by researchers at the University of Oxford on the cyber security skills shortage. The aim of this study is to collect evidence on the incidence and the characteristics of the shortage and to analyze what countries are doing to mitigate it. The research analyses policies in 12 countries (selected based on ITU’s ICT Development and Global Cyber Security indexes) and uses the NIST Cybersecurity Workforce Framework as a point of reference. Government policies implemented are analyzed is terms of: • Primary & secondary education • Vocational education & apprenticeships • Higher education & research • Workforce Finally, the study is the first research providing a comprehensive analysis on the cyber security skills shortage in Italy, presenting new evidence from a survey to CISOs across the country.

(1)  https://www.isc2.org/Research/Workforce-Study