According to the 2021 Cybersecurity Workforce Study, more than 700,000 trained professionals were added to the more than 4.19 million-strong cohort in 2021. Even so, the same report concludes that the global cybersecurity workforce must grow 65% if we’re to have any hope of effectively defending organizations’ critical assets.
That’s troubling, to be sure. But what’s even more disturbing is that new cyber threats are emerging so rapidly that the trained workforce we have in place is falling behind.
Even with major technology firms investing billions in cybersecurity measures, without constant upskilling, our cybersecurity teams will fall behind.
Data breaches and other cybersecurity incidents can quickly wipe out a company’s profit margin — if they don’t force the company completely out of business.
The average cost of a data breach to businesses varies greatly depending on the size of the business, the type of data that is compromised and the steps taken to mitigate the damage. However, most estimates put the average cost of a data breach in the millions of dollars.
Protecting a company is not as simple as just sending your teams back to get retrained whenever a breach occurs. Training must be a core company value, elevated to the level of a proactive function — especially when it comes to protecting corporate networks.
Let’s look at three keys to making cybersecurity upskilling a core value that any company can make a part of its corporate culture.
A New Corporate Core Value
Corporate executives and boards of directors have been managing through an era of massive change that has trained them to rethink old ways of doing business in favor of a more values-based approach to the work companies do.
As a result, many organizations have been in the process of reimagining their businesses in terms of the values that their employees share. We’ve seen some excellent work done here in terms of diversity, equity and inclusion (DEI), which has been well received by the workforce.
When it comes to the people corporations serve, few core values rank as highly as data privacy and security.
The conclusion is clear: Now is the time to consider cybersecurity upskilling a core value.
Creating a Culture of IT Upskilling
Companies that hope to protect the privacy of the customers they serve must do more than hire the right people. They must also help them keep their skills sharp. There are three ways learning and development (L&D) leaders can develop this kind of culture.
Make It Core to the Culture
If leaders have learned anything about creating strong corporate cultures over the past few years, it’s that you can’t just pay lip service to values and expect the company’s employees to fall in line behind it. It’s actions more than words that impress people and inspire further action.
Companies must do more than acknowledge the need. They must also provide resources that will allow people to learn and grow. Our own experience in the industry has shown us that given the opportunity to increase their skills, most workers will jump at the chance.
By demonstrating that the company supports ongoing learning and will provide access to quality learning resources, a strong culture will be established.
Incentivize Learning Achievements
We all have that voice in our heads that asks, “What’s in it for me?” While information technology (IT) professionals know better than most how beneficial upskilling can be, it helps if the company rewards those who take advantage of these opportunities.
This doesn’t have to be costly. Companies can work with employees to identify targets and then agree on rewards for hitting them. These targets could be anything from certification completion to adding new skills to their resumes.
It’s important to develop learning plans that include timelines and milestones, so trainees know exactly what is expected of them.
Provide Time To Learn
A company can make upskilling part of its corporate culture and even reward its people for doing so, but if employees don’t have time to take advantage of it, there will be no benefit for anyone.
To make this work, companies must be sure that time can be set aside for training without the fear that work will pile up and make it more difficult for employees to succeed.
This makes sense for companies, as time spent learning provides a real return on investment in productivity. It will make sense for employees as long as it doesn’t come with the built-in disadvantage of overloading them with work when they are not training.
Defending against cybersecurity risks has become a key success metric for all businesses. The good news is that IT security tools are getting better every day and can protect businesses, but only if their people are trained to use them correctly.
That requires a culture of upskilling which can only come when companies make continued readiness through effective training part of their corporate cultures.