Canada is facing a serious talent crunch when it comes to cybersecurity professionals, with demand growing by seven per cent annually, and 8,000 new workers needed by 2022, according to a new report from Deloitte.
The labour squeeze leaves companies at risk of attack. In the case of large enterprises, those attacks can be costly and embarrassing. Moreover, experts say that cyberattacks can simply drive small and medium-size companies out of business altogether.
Marc MacKinnon, Deloitte’s National Cybersecurity Strategy Leader, said the demand for expertise in this area has led to zero per cent unemployment among qualified professionals, and that’s causing all sorts of problems for business, and things are only likely to get worse.
“It’s really a seller’s market right now,” he said.
“It actually leads to things like skills mismatch. It leads to salary inflation. It leads to a lot of people that are kind of moving from one organization to another, so it doesn’t allow them to develop that really inherent knowledge of the business that they’re working for.”
Canada isn’t unique in this; there’s a global shortage of people who can guard against cyber threats. Globally, the Deloitte report suggests that a lack of qualified workers in this area could slow the pace of technology innovation by up to US$3 trillion.
As every aspect of society embraces digital technology, there are so many new ways for criminals to attack, and because technological development is moving so fast, specific skills can quickly become outdated.
Moreover, the Deloitte report says that it’s a challenge to train new workers because, ironically, qualified instructors are difficult to recruit because of the same skills shortage.
This is an issue that Bryan Pollitt knows first-hand, as vice-president of professional services at ISA, a Toronto-based firm that offers cybersecurity services. He said his company struggles to find qualified workers.
“It’s been a challenge over the course of the last 10 or 15 years, but much more pronounced in the last few years,” Pollitt said.
“This is not a new phenomenon, but it’s one that’s not going away, and it seems to be getting worse.”
He said across the industry, he sees situations in which under-qualified people are filling intermediate and senior roles, and the real experts drift away from permanent jobs to project-based consulting, because they’re so in demand.
This is not a new phenomenon, but it’s one that’s not going away, and it seems to be getting worse
The Deloitte study on the issue suggests that industry needs to get more sophisticated when it comes to how they think about cybersecurity, breaking the broad category down into specific roles with different capabilities and areas of interest, instead of searching for people who can do everything.
The report also points out that the cybersecurity community is overwhelmingly male, and overwhelmingly comes from an IT background, and by pushing to be more inclusive, companies can expand the potential talent-base.
The good news, MacKinnon said, is that Canada is in a better position to handle the challenge than a lot of other countries, if we get serious about it.
That sentiment was echoed by André Leduc, vice-president of policy and government relations with the Information Technology Association of Canada.
“The genie is not going back in the bottle for cybersecurity, and Canada is in a good place in terms of our cyber-talent and cyber-industry,” Leduc said. “We can continue to be a strong international player on this, but investments need to be made, both in the private and public sector.”
Both ITAC and the Deloitte report offered faint praise for the federal cybersecurity strategy released last month. Ottawa has pledged $507 million over five years as part of the strategy, which will, among other things, provide up to 1,000 student work placements in cybersecurity jobs.
“While these are positive steps, they will take time to affect the talent ecosystem, and require significant public/private collaboration to be effective,” the Deloitte report said.