How to build a cyber security team that’s ready for tomorrow’s threats

The cyber-threat landscape is more tumultuous than ever. The proliferation of artificial intelligence (AI) tools has empowered threat actors and decreased the barrier of entry to novice cyber criminals, increasing both the sophistication and volume of cyber attacks. Moreover, the current geopolitical climate has seen a rise in state-sponsored actors deploying new techniques that require constant revision of existing security strategies.

And the cost of falling victim to these threats? A predicted $10.5 trillion worldwide by 2025, plus an incalculable impact on the reputation and future operations of affected organisations.

It goes without saying that possessing the right cyber security expertise is imperative. However, with our 2024 Global Cyber Security Report revealing that 61% of cyber leaders don’t rate their ability to secure cyber talent highly, hiring solutions clearly need a shake-up. It’s time to look past the usual cohort of workers skilled in this area, and engage overlooked talent.

Informed by over 1,000 cyber security leaders worldwide, along with expert advice from Hays and other industry leaders, our Global Cyber Security Report reveals the top hiring obstacles organisations face – and why challenging traditional talent pipelines could be the answer.

Skills shortages complicated by budget barriers

The government’s latest research found that 50% of all UK businesses have a cyber security skills gap, exacerbated by a lack of skilled workers in today’s talent pool. This has given experienced professionals licence to demand higher salaries, but budgetary restraints and dampened investment means that many organisations are unable to keep up.

According to our report, almost half of employers in 2023 didn’t increase salaries for either existing or new members of their security workforce, while nearly three quarters (72%) of leaders are concerned about their budget in what continues to be a trying economic climate.

The onus is therefore on employers to explore alternative ways of sourcing cyber talent, such as upskilling existing staff who show potential. However, with almost three-quarters of employers saying they spend 5% or less of their cyber budget on developing talent, it appears there’s a lack of appetite or resources to identify and grow future talent from within. With the emergence of AI tools, though, failing to adopt a learning culture could be a costly mistake.

Is AI an asset or an adversary?

The short answer – both. AI has the potential to heighten cyberthreats while simultaneously giving more cyber criminals the capacity to cause harm. However, when deployed properly, AI can also empower professionals and organisations to combat today’s growing cyber threats. And while the extent to which skilled workers can currently leverage AI tools is unclear, 89% of the cyber leaders we surveyed believe the tech will help improve security capabilities.

But does AI’s proliferation mean cyber careers are at risk? Industry opinion is more divided here, with almost half of cyber leaders (44%) believing that the tech won’t result in job cuts. While AI has the potential to automate certain tasks and possibly reduce headcount, the rapid advancement of the tech – and the opportunities and risks it poses – may also increase the demand for skilled professionals.

While this is a positive for prospective cyber candidates, it exacerbates existing skills gaps for employers, with many lacking AI-savvy talent. Organisations may find themselves playing catch-up: only 57% of respondents predict they will have trained their cyber security workforce on AI tools within the next year, while a quarter of leaders have no upskilling plans in place. 

Why it’s time to look beyond the usual suspects

In the same vein that cyber defence strategies can’t afford to remain static, skills solutions must prove equally adaptable in a challenging hiring market. Experienced cyber professionals are at a premium, yet monetary restraints limit the ability to secure new staff.

So, what’s the answer? Increasingly, non-traditional talent. More precisely, targeting talent pipelines that have historically been overlooked, including those without the exact job spec or a degree. Hiring managers willing to take on and train candidates with valuable transferable skills, such as problem solving or emotional intelligence, could unlock the next generation of cyber talent – without breaking budget.

Consider broadening your search to candidates from wider IT disciplines, such as administration or software development. Moreover, targeting transferable core skills is a wise investment in an AI-driven sector, with these adaptable traits potentially holding longer-term value than niche technical skills, which may be quickly frog leaped by the tech’s rapid advancement.

For insights into managing digital transformation effectively, and how to hire for the skills that can facilitate meaningful change, watch the video below.

Take a skills-first approach

To support your long-term talent solutions – whether that be in cyber or another field – you may wish to partner with a skills provider who can source and train undiscovered, high potential talent from the ground-up.

By working with Hays Skills, you’ll have a scalable and flexible academy model that’s bespoke to your organisation’s specific skills needs and budgetary requirements, unlocking a long-term pipeline of future-ready talent. Moreover, you’ll mitigate significant spend on costly cyber security training – letting you focus on building a cyber security function that’s ready for whatever tomorrow brings.

Discover how you can unlock non-traditional talent ready for the future with Hays Skills, or talk to us about your organisation’s cyber needs today by contacting james.walsh1@hays.com.