Across all industries, the demand for cybersecurity is greater than ever. As employees, partners, and customers increasingly want to consume information digitally, there is a need to push information to more endpoint devices. At the same time, the threat landscape is continually evolving, with attacks that are more difficult to detect and defend against.
From 2020 to 2021, the percentage of technologies in deployment for security purposes rose from 15% to 84%, and the share of IT leaders planning to increase security technology investments rose from 31% to 64% during the same period.1 But available talent to execute on these cybersecurity investments is in short supply.
In 2022, the global cybersecurity workforce grew to encompass 4.7 million people, reaching its highest-ever levels. However, there is still a need for more than 3.4 million security professionals, an increase of over 26% from 2021’s numbers.2 Research also shows that cybersecurity demand is twice as great as supply.3
The problem is compounded for workers’ comp organizations, which are highly valuable cyber targets due to the large quantities of confidential data – personal health information – they store and the estimated value for each compromised record. As of 2022, the healthcare industry was the most expensive for data breach costs for the 12th consecutive year, with an average of $10.1 million per incident.4
According to Tony Brown, Director, Information Security at Healthesystems and a 30-year cybersecurity veteran, “As a cybersecurity professional, we are hard-pressed to not only secure our sensitive data but also remain vigilant of the ever-changing landscape that is being targeted by hackers. It is a significant challenge for us that only grows larger each day as malicious actors have the upper hand with the availability of emerging tools and techniques capable of exploiting vulnerabilities in a variety of different ways.”
Security Risks: The impacts of the cybersecurity talent shortage on workers’ comp organizations are many. Sixty-seven percent of organizations worldwide agree that the shortage of qualified cybersecurity candidates creates additional risks for their organizations.5 These risks encompass all areas of the business, including application security, network security, endpoint security, cloud security, personnel security, and information security. In 2022, 80% of organizations suffered one or more breaches they could attribute to a lack of cybersecurity skills and/or awareness.6
Delayed Technological Growth: A lack of talent to execute on cybersecurity projects also results in delayed technological growth, preventing companies from adopting emerging technologies. IT executives see the talent shortage as the most significant adoption barrier to 64% of emerging technologies, compared with just 4% in 2020.7
Impacts on Business Growth: Finally, the cybersecurity talent shortage can affect an organization’s bottom line through the loss of current and potential customers. According to one study, the shortage could cost the U.S. economy more than $160 billion in revenue by 2030.8 There’s also a cost associated with cybercrime, with global financial damages totaling $6.1 trillion in 2021.9
“If you don’t have the right people, the risk increases exponentially because you’re losing the ability to know what is going on in your environment and put the right security controls in place,” explains Brown. “The first thing customers want to know is, ‘Are you a threat to me?’ If you’re not investing in security, you may be pulling yourself out of the market to gain customers.”
So, what can workers’ comp organizations do to maintain their cybersecurity standards despite the talent gap? Brown recommends that IT security leaders consider these five actions to counteract the impacts of the cybersecurity talent shortage in workers’ comp organizations:
As you navigate the IT talent shortage in your workers’ comp organization, Brown’s top suggestion is to be patient and understand that establishing and maintaining a viable security program takes time. You must be committed to continuing your team’s education and awareness of the security landscape for emerging threats, technology, requirements, and mitigation solutions. On top of that, you should be flexible and adaptable to both the changing needs of your organization and the security landscape. Finally, foster cross-departmental knowledge sharing of cybersecurity – build that “cybersecurity army” of people across your organization so that everyone has a stake in the fight.