The more digital technology can benefit governments and businesses, the greater the risk becomes. The advancement of AI is only accelerating this trend, and that’s a problem: there aren’t enough powerful profiles available today to handle all of this.

“The development and adoption of technology is not linear,” notes Chris Dimitriadis, chief global strategy officer at Isaca. “It accelerates.” This gives companies and governments tools to create new valuable solutions. This is a good thing, but there is a downside to the coin: “The more technology used, the greater the risk.”

Genie out of the bottle

Dimitriadis notes that we live in exciting times. Not only is technology adoption happening at breakneck speed, but the AI ​​genie is now out of the bottle. “AI is not just another technology. Many try to predict the future, but there is a lot of uncertainty for AI. The technology has been talked about for a long time, but now there are applications.”

Isaca is an international digital trust community. Creating digital trust is central to the organization’s mission and also drives Dimitriadis. Trust comes on foot and on horseback, and companies today have to manage a lot of complexity.

Interest prevails, value does not

Fortunately, everyone is starting to realize the importance of digital security. Two problems remain. Dimitriadis: “Cybersecurity does not generate any sales and the topic is too technical for many decision-makers. It remains difficult to quantify and measure security. How do you define the value of investing in cybersecurity? Small and medium-sized companies in particular continue to be concerned about this.”

Cybersecurity does not generate revenue and the topic is too technical for many decision makers.

Chris Dimitriadis, Chief Global Strategy Officer Isaca

Measurability (or lack thereof) is a challenge, but certainly not the biggest. Everything starts with the right people, and they are rare. “The skills gap is getting bigger and bigger,” notes Dimitriadis. “Supply and demand are growing apart. There are not enough skilled workers to address the problem.”

This is striking: Although technological development has reached unprecedented speeds today, the shortage of skilled workers is not a new concept and has been discussed for a long time. Although the problem is known, no solution has been found. Where are all the educated people?

The need for IT specialists is growing

Dimitriadis sees three key factors driving the demand for professionals with IT and security skills, and three policies that companies can consider today to mitigate problems. The following trends play a role on the demand side:

• New regulations: In Europe, new rules such as NIS2 and DORA provide clarity. The need for cyber resilience is enshrined in legal texts, but this increases the need for people who actually know what exactly companies should do with these rules.
• Greater complexity: Increasingly sophisticated attacks have led to a variety of security solutions, but complexity is cybersecurity’s greatest enemy. Technology today is making strides toward simplification, but many people are still needed to manage risk, make the connection between technology and security, and generally deal with the additional technology.
• Talent battle: The cyber threat landscape is lucrative and attracts criminal activity. Monetary gain remains the biggest motivator and the problem is only getting worse. Companies are trying to protect themselves and a “war for talent” is breaking out on a macroeconomic level. Those who can pay more will hire the right people. This is a big problem for smaller companies that struggle to keep up with their IT staff.

Achieve more with less

New rules, more attacks, more complexity and a battle for talent are increasing the need for IT staff. “The availability of the right people is also growing,” notes Dimitriadis. “But less quickly.” That doesn’t mean that organizations are helpless. Dimitriadis sees three key issues that companies can work on starting today:

• Train whoever you have: Existing staff should receive more training, especially in using technology. Not everyone needs to become an IT expert, but training in basic skills around cybersecurity and digital trust goes a long way.
• Focus on the reaction: Incidents are inevitable. Focus on your response when something goes wrong and consider managed services. With a good response plan, you can quickly resume activities after an incident.
• partner: Look at your supply chain and make sure your partners are working with you. The correct certification of suppliers and liability clauses in contracts can already ensure more trust. When choosing partners, you need to consider cybersecurity from the start.

Of course, more skilled workers will have to be added in the future. “The training of people in the company plays an important role today,” says Dimitriadis. “The more educated people are in the fundamental aspects of security, the better they can make the connection between cybersecurity and the impact on business value.”

Security allowance

He also sees an important role for governments. “Actually, the government should invest more in cybersecurity and perhaps consider subsidizing the cost of digital security. This certainly also applies to smaller companies. It’s hard for them to make safety an absolute priority when all they’re preoccupied with is survival.”

The government already plays a role, including in NIS2. The rules are there and serve to strengthen Europe’s cyber resilience. This implies that secure companies are an important building block for a secure society. Taking into account the public interest, the possibility of subsidization is not that far-fetched.

The shortage of IT specialists cannot be solved overnight. The rapid development of the technology landscape means that despite the growth, the supply of the right talent is currently not sufficient. Anyone hoping that the express train will slow down is in for a treat. With the introduction of generative AI last year, we are witnessing an explosion of digital applications. What do you do as a company? The right focus, coupled with more basic knowledge of technology and safety, can still help a lot today.