'New collar' workers can help stamp out cybercrime

Breaches, ransomware and scams are commonplace, and are potentially incredibly damaging not only to a business’s bottom line, but also its reputation. While we often hear about cyber incidents after they happen, cybersecurity professionals are constantly working behind the scenes to keep personal and commercial data safe. Unfortunately, while the volume, velocity and variety of cyberattacks continue to increase at near-exponential rates, the cybersecurity skills gap has also continued to widen:

• There is currently an estimated shortage of 2 million cybersecurity experts, according to industry body ISACA. Cybersecurity Ventures found that by 2021 that number could grow to 3.5 million.
• At the same time, cybersecurity risks are growing exponentially, and firms around the world are struggling to understand how best to protect themselves from major breaches.
• To ensure that the talent pool is up to the challenge, the industry must generate new interest in cybersecurity careers and those looking to make moves into new career tracks.

We are in the middle of a global digital transformation, where organizations are making mass migrations toward cloud-based information storage and processing platforms, and IoT technology and capabilities are proliferating. As the dependence on data-rich caches needed to inform algorithms and decision-making increases, the risks and opportunities for cybercriminals to harass, infiltrate and even highjack IT systems will expand. Yet, it remains unclear whether our business economy is prepared to face the challenge of the growing risks of cybercrime.

The Global Risks Report 2019 found that attacks against businesses have almost doubled in five years and that the financial impact is increasing greatly. Partially because of this, cyberattacks and massive data fraud both appear within the top five global risks by likelihood.

Zurich, not immune to the cyber-talent shortage, recently began looking for new ways to address this challenge. As a company with longstanding European roots, we already held the belief that apprenticeships are a vital and often underused tool to attract and train fresh talent, and our European offices have long used apprenticeship programs to develop its workforce. In 2017, this was expanded to include core insurance disciplines such as underwriting, claims, and finance.

In surveying our cyber-talent acquisition process and skills requirements, we realized that we had placed artificial constraints on hiring by only targeting the traditional four-year university graduate with a background in computer science or engineering. While there are roles that benefit by this type of educational background, there are many other cybersecurity roles that can be mastered by individuals with different levels of training and experience; moreover, there is a large, untapped workforce of individuals who have the desire to fill these jobs. Ginni Rometty, CEO of IBM, is credited with coining the term “new-collar worker” to describe individuals that have relevant skills in technology, many of which can be acquired through vocational or other non-traditional types of training.

The Cyber Apprenticeship model we built at Zurich is based on a two-year program that combines hands-on training with classroom instruction at a local partner college. Apprentices receive a salary and benefits while undergoing the program, and upon successful completion, qualify for a CompTIA cybersecurity certification and receive a certificate of program completion, as well as an offer for a permanent full-time position. While in the program, trainees cycle through rotations in six different cyber-skill areas: threat defense, incident response, application security, vulnerability management and threat intelligence.

While apprenticeships are not a complete panacea for the cyber-skills shortage, we believe that establishing programs to attract and train these “new collar” workers is an important part of a strategy that includes additional elements such as automation of menial, repetitive tasks and increased use of AI and machine learning as those capabilities mature.

One thing is clear: the requirements for cybersecurity have significantly outpaced traditional means of acquiring sufficient talent needed to effectively combat this growing threat. Despite a widely recognized need for more cyber-professionals, there remains an inadequate supply of them globally. Opening new avenues for attracting, growing and retaining cyber talent is critical for addressing the growing skills gap that businesses already face.