Today’s columnist, Sean Joyce of PwC, explains why companies need to invest more in cyberskills to offset the cyber talent gap. (Creative Commons: https://www.flickr.com/photos/[email protected]; https://creativecommons.org/licenses/by-sa/2.0/legalcode)

The events of the last 18 months have upended the modern workplace. Companies across the globe needed to quickly embrace technology to redefine their enterprises and accelerate a digital transformation journey ahead of schedule. The boundaries between work and life became frayed—and to thrive, businesses and the workforce alike had to lean into a remote-working world where the two were often blended.

Technology can only do so much on its own. And although the pandemic brought about many challenges, it shined a light on what we have long known as true: The collaboration between human and machine will lead us into the future. As more businesses embrace the cloud and rely on digital technologies to keep their workforce and business operations up-and-running and connected, cyber threats will only grow in sophistication, requiring highly-skilled talent with the know-how to keep evolving technology secure. There's only one problem: While cyber budgets continue to increase, so does the cybersecurity skills gap.

For years, industry leaders have been privy to the cybersecurity skills shortage—and now it's compounded by the pandemic. At a time when 93% of chief risk officers (CROs) see higher employee turnover, companies need to recognize that they shoulder the responsibility of providing training and reskilling opportunities to retain, attract, and expand the talent pool. People are a company’s greatest asset, yet many companies are not making upskilling a priority. According to our 2022 Digital Trust Insights Survey, 69% of business and technology leaders expect their cyber budget to increase in 2022—with 26% expecting a jump of more than 10%—yet a top concern for CIOs and CTOs has been a lack of digital upskilling resources. Among the technology skills highest in demand are cybersecurity professionals. To bridge this divide, forward-thinking companies need to leverage increasing budgets to invest in their people, creating a cybersecurity talent pipeline that can withstand the test of time.

Creating a human-led and tech-powered approach to cybersecurity

The cybersecurity talent shortage has emerged as one of the most significant threats we face, no matter what the industry. The sooner companies recognize what we are up against, the faster we can work together to bolster these professionals. In an effort to do our part during our own robust transformation, we launched our Global Cyber Academy (GCA). This first-of-its-kind certification program offers our global workforce access to best-in-class, curated digital learning content in a structured curriculum. Through three pillars: Digital accessibility, vendor-led learning, and continuous upskilling, we are creating a culture of learning that equips our entire global workforce with the same state-of-the-art training and learning resources to help address the issues our clients and communities face anywhere around the world. These courses are ever-evolving, helping our people to build life-long skills that will help keep them agile, no matter the trajectory of their career.    

The opportunity to retrain and upskill has given everyone from interns and new hires to senior-level management the opportunity to register and take advantage of the courses available. In just eight months since the GCA's launch, about 5,000 cyber professionals across the globe received an invitation to the academy and cloud certifications have skyrocketed. With its overwhelming adoption and success, other practices and sectors outside of cybersecurity are leaning in, with over 50% of PwC's Cyber, Risk, and Regulatory practice already registered for training. This early success has shown us that employees are enthusiastic about equipping themselves with the skills to shape the industry's future and their own. 

By creating a program powered by a standard set of curriculum and strong partnerships from top certification providers, we are making an investment in our global workforce. This investment not only allows our people to advance in their careers with us, but it gives them the skills and tools they can take with them wherever their careers lead.

An opportunity for external adoption after internal success

While we’re proud of the success we’ve seen so far with our Global Cyber Academy, building a comprehensive program like this has been a tall order. And part of our responsibility as a business that has made this investment and seen its benefits is to share our success with others.

Setting a global standard for critical cyber skills became a primary goal for this program. It led us to take this internal strategy and turn it into an offering for our clients. At PwC’s School of Cyber, our credential-based upskilling program, we’re piloting with one of our clients in the U.S. and exploring a global test run, with the hope of driving adoption for more clients in the future. Through this primarily online program, we are helping this client upskill its workforce and drive internally the transformations necessary to protect their data in a cloud-centric world. From sharing our own learnings to helping clients create their own academies to roll out within their organizations—together, we are building up a global cybersecurity professional pipeline with adaptable, future-proof skills. 

Protecting a company’s network and securing the business will continue to grow both in importance and complexity. It will require evolving skills, access to industry-leading information, emerging security topics and trends to keep pace with the changing threat landscape and technology advancements. Technology is only as good as the people behind it. It’s the human and machine collaboration that will take a company’s digital transformation to the next level. So when the decision comes to how the company should allocate its cyber-spend, put retooling people at the top of this list.

Sean Joyce, global and U.S. cyber, risk and regulatory leader, PwC