Either you already know your Digital, ICT or Cybersecurity skills issues, or you’re going to find out the hard way!
Where are my risks?
Significant business risk exists from the inability to prevent data loss and Cybersecurity incidents if the people and skill risks are unknown. If you don’t know what skills you have or what skills you need, no gap analysis is possible to identify or confirm the skill gaps which might result in breach.
Analysis of incidents from various organizations reveals significant risk to reputation, customer retention and acquisition, share price and revenue. Fines for breach of legislation is also an increasing risk, with many authorities having strengthened the penalties over recent years.
Many organizations are reporting skills shortages, with few who feel they are OK – however, most of these have not actually compiled an inventory of current skills, and therefore their positive feelings may prove unfounded. We recommend carrying out a baseline assessment to show solid evidence of whether there are any gaps or not, and which specific disciplines they are in.
Where are my gaps?
This 2018 report from ISACA shows the types of security positions which are unfilled.
As you can see, there are few gaps at CISO level, so that should mean that the policy is created. However, the gap at Director of Security level may mean there is not enough focus on implementing the policy and ensuring that working practice is in line with the policy. The gaps are the lower levels will most probably result in issues at the operational level. Policy alone won’t stop there being a security breach and making the press for losing customer data!
Where are your gaps, and which skills do you need to prioritize for development or recruitment?
Do we already have the skills?
As highlighted by the #HasBean cartoon below, some attitudes are a little old fashioned and unsuitable for the more agile dynamic world we live in. The good news is that you might already have some of the skills you need inside your organization – but because you haven’t got an inventory of all the skills of the workforce (not just the skills they use in their current role), you will miss opportunities for internal recruitment, development opportunities, skills transfer, mentoring, coaching, etc.
Can we afford not to know?
Your staff are so much more than just the skills you included on their current job description! Do them and yourselves a favour by finding out about all their skills – you’ll be surprised at the latent talent you aren’t yet tapping in to! Even if they don’t have the perfect mix of skills, they may be part of the way there, and get there with a little development. Whether you end up filling gaps from within, or recruiting / sourcing externally, there’s no excuse for not know what skills you have and where your gaps / risks are. Can you really afford to wait until a cybersecurity issue happens? I would suggest NOT!