Lack of competence in cybersecurity - a matter for management
The need for competencies and competence in cybersecurity is constantly increasing. The reason is of course the digitalisation and the vulnerabilities that it entails. However, there has been a shortage of competence for many years, not only in Sweden, but also globally, within cybersecurity. To address this shortage of competence, all management teams need to take responsibility for cybersecurity work and ensure both prioritisation and resources.
The lack of competence in cybersecurity is large
In 2020, the IT and telecom companies in Sweden published a report in which they estimated that in 2024 there will be a shortage of 70,000 people with competence in IT and digitalisation. The lack of competence in Sweden in this area is thus very large.
However, this is not only a national problem but a global challenge that most countries must deal with. According to the (ISC) study Cybersecurity Workforce Study, it was estimated that there was a lack of over 4 million people with competence in cybersecurity globally.
The problem is that the gap between demand and available competence is increasing with each passing day.
Different competences in cybersecurity are needed
Since 2018, the organisation SOFF (Security and Defense Companies) has conducted surveys regarding the cyber competence needs of the association's member companies. The 2022 report shows that it is above all specialists who are in demand for new employment. The industry is mostly looking for competencies in security architecture and network security. Two competencies that are both expected to continue to be the most important skills and competencies for companies within the next five years.
At the same time, the demand for people with communicative and analytical skills is also growing, and for companies' continued development and competitiveness, both technical and communicative and analytical skills are needed.
The lack of competence in cybersecurity is a societal problem
Cybersecurity is one of the biggest challenges for companies today. Many companies, states and authorities operate on a global market and in a totally connected environment. With that comes new threats and demands for security, confidentiality and integrity that must be addressed.
In a time of intense digitalisation, the area has become, and is increasingly becoming, neglected. Demand is increasing and despite scattered efforts being made, society is not succeeding in securing the supply of skills for those who need it. The consequences of digitalisation that are allowed to continue without the support of expertise in information and cybersecurity are difficult to foresee. What can be said with certainty is that trust and secure digitalisation cannot be guaranteed. In Sweden, FRA (Försvarets radioanstalt), the Swedish Armed Forces, MSB (Agency for Civil Protection and Emergency Planning) and the Security Police together with the Police Authority released a report in 2020, Cyber Security in Sweden - Threats, methods, shortcomings and dependencies, where they state that the lack of relevant expertise in cybersecurity is a societal problem.
To secure the supply of competence in cybersecurity, it is required that more people are trained in the area in the coming years. But it is also necessary that more people prioritise the work with cybersecurity.
Management needs to take responsibility for cybersecurity
To secure society, all management teams need to take responsibility for, and do their part in, the work with cybersecurity. What needs to be done is the following:
- A strategic decision about the company's security work needs to be made and this must then be followed up continuously. This needs to be an issue that is raised at all management and board meetings!
- It needs to be clarified at all levels within the organisation how important and prioritised work with cybersecurity is and the management then needs to step in and continuously support the work with cybersecurity.
- There is a need to recruit specialists in cybersecurity, something that is not always easy as there are not enough trained people.
- In addition, you need to train your entire organisation in security. That is, create a security culture. Security culture is about how employees' values affect the way they think and act in relation to risk and security. It is therefore of great importance for how you work and affect the employees on a daily basis. By raising the general security mindset, one can avoid most common mistakes that lead to successful cyberattacks.
Do you feel that you need help getting started with cybersecurity? Then you can read our guide!
Do you need more help with how to solve your security problems? Then you are welcome to contact us at Advenica!