Why Cyber Security Talent Retention is Your Next Business Headache

Talent retention has become a buzzword in recent years. Employees who excel are, after all, a considerable productivity booster for businesses. 600,000 researchers in a 2002 study found that high performers are 400% more productive than average employees, but within specialised fields like technology, high performers are 800% more productive.

When it comes to cyber talent retention, the stakes are even higher. A recent Centre for Strategic and International Studies (CSIS) study, which examined IT executives across 8 different countries, found that ‘82% of employers report a shortage of cyber security skills’, with 71% of respondents believing that ‘this talent gap causes direct and measurable damage to their organisations’. Research from a variety of sources points to increasing pressure on companies that depend on cyber talent to offset growing cyber threats to security. Deloitte have noted that in Canada, the need for cyber talent grows by 7% annually, while data compiled in the U.S. notes that in January 2019 there was a talent shortfall of 314,000 cyber security professionals. In Europe there is a predicted skills gap of 350,000 workers by 2022. Worldwide these figures are just as stark. Estimates suggest that the ‘world is on pace to reach a cyber security workforce gap of 1.8 million by 2022’.

Understanding the key issues

So, what do businesses need to know about the biggest challenges they are facing? Businesses are already feeling the heat from this talent shortage. Organisations and their boards are aware of the seriousness and the scale of this issue. According to PwC’s Chris Hall, “It’s front of mind for all the boards and oversight committees we present to”.

The reasons for this are numerous but can be broken down succinctly into five key areas according to research.

  • The evolving threat landscape
  • The pace of technological change
  • Managing security and privacy compliance
  • The increased frequency and complexity of cyber threats
  • Increased security and privacy regulation

Rethink Talent Specifications

Embracing difference: According to the largest ever global survey of cyber security professionals in 2017, employers need to be more flexible when hiring critical talent. Researchers found inherent biases in hiring; for example, human resources were unyielding in terms of prioritising experienced candidates and selecting candidates within their networks. These attitudes are harmful in the long run.

Another recent report noted that the following issues are contributing to the skills shortage:

  • Strong recruitment targets
  • Talent shortages
  • Lack of investment in training

4 Questions to Examine

According to PwC, organisations can focus on 4 key developments in cyber talent recruitment to drive talent hiring and retention in the long run.

1: What skills do we need to prioritise?

According to PwC, owing to changes within the technology landscape, larger enterprises should consider cyber talent that are consistent players in niche fields as their skills will align better to new solutions than generalist talent.

2: How do we tempt the right graduates?

PwC advise that the right graduates are those who have absorbed a mix of professional and academic skills during their training. Companies should be mindful of their training so that it does not lean heavily on just one aspect and encourage graduates by offering continuous professional development and skills-based training.

3: How do we incentivise cyber talent in our organisation?

Experts note that talent can be retained by cementing how valuable their contribution is and involving them in the business process. The group also note that investment in training is critical in retaining talent.

4: Where should we find this talent?

PwC recommend searching for talent that “understands the technology and incident response” above a candidate who “understands risk”. They also recommend concentrating the search for candidates along a more diverse path, including minorities and women, who remain under-represented in organisations despite their qualifications. According to Forbes, 80% of ethical hackers are also self-taught.

Cyber talent retention

Businesses of all sizes and across all sectors can appreciate how retaining cyber talent saves considerable time, money and resources, as well as preserving competitive advantages and protecting what the Harvard Business Review calls ‘intellectual capital’.

Employee retention is a critical issue as companies compete for talent in a tight economy. The costs involved in cyber talent turnover are, as expected, higher than for other talent, and there are other soft costs as well, such as training, lower productivity and decreased engagement.

The technology sector has consistently shown the most volatility in terms of employee retention according to LinkedIn figures (13.2%, compared to 10.9% for non-tech employees). Cyber security experts are not immune to capitalising on the current shortage that exists, so employers need to be primed to invest in their talent. Experts advise, “taking advantage of candidates with knowledge and experience and trust them in their respective skills set to deliver to their maximum potential”.

After all, cyber talent retention is critical to offsetting greater vulnerability to cyber attacks. The cyber security skills shortage has been proven to lead to critical security incidents (the average data breach costs U.S. companies $3.86 million).


One critical step companies can take to increase security is securing the highly confidential information that is disseminated by their board of directors. By adopting a board portal, like DiliTrust Exec, board members can trust that their data (stored locally on servers in Europe, the Middle East and Canada) is GDPR compliant and ISO 27001 certified. To find out more information about how secure the DiliTrust Exec board portal is, please contact a member of our team today.
