The more digital transformation grew, the more cyberattacks grew, with a bleak reality that there are only a few cybersecurity professionals out there to keep the cyber criminals at bay. Proven by the World Economic Forum (WEF), the world is lacking three billion cybersecurity professionals.

The report says, “there is an undersupply of cyber professionals—a gap of more than 3 million worldwide who can provide cyber leadership, test and secure systems, and train people in digital hygiene”.

In fact, the shortage of these professionals could impede economic growth. The report laid emphasis on new efforts to ‘democratize’. Small businesses and other organizations may profit to some extent from cybersecurity initiatives such as providing free security risk management tools.

However, “there are concerns that quantum computing could be powerful enough to break encryption keys, which poses a significant security risk because of the sensitivity and criticality of the financial, personal and other data protected by these keys. The emergence of the metaverse could also expand the attack surface for malicious actors by creating more entry points for malware and data breaches".

According to a PWC report, “security consulting services, which include planning of cyber security strategies, policy development, and building security architecture, are expected to grow at a compound annual growth rate (CAGR) of 12.2 percent over 3 years to become a market worth $157 million by 2022”.

“The security implementation services market in India is estimated to increase from $221 million in 2019 to $320 million by 2022, at a CAGR of 13.2 percent, given that drawing up effective cyber security strategies depend on successful security implementation”, says the report.

According to the Data Security Council of India, “the most advertised security job is ‘Analyst’. However, there is a significant demand for security operations, threat management, security management, identity and access management”.

Enterprises, on the other hand, are having difficulty finding qualified security personnel.

“67 percent of firms are having problems remaining up to date with their cybersecurity environment," according to Sophos in 2021, “and in-house skills are a crucial element in helping organizations solve this challenge”.

“Unfortunately, 59 percent of businesses think that their company's lack of cybersecurity expertise is a challenge for their organization," the report stated. "This is a marginal 3 percent improvement from 2019's 62 percent”.

“Security isn't just about knowing how to use technology; it's about knowing how to use it in the right environment”. The trick is to be aware of your surroundings and use proper controls. “Enterprises need individuals that are knowledgeable in both areas, but finding the correct blend in a professional can be tough”, says Yask Sharma, CISO, Indian Oil Corporation Limited.

The problem is that no amount of outside cyber security experts can make cyber security better.

“Cybersecurity is a culture that you have to develop within your organization. No external products or engineers can help with that as every engineer needs to be trained with this skill and most Indian engineers are hardly trained on this front and many do not understand the concept of privacy, though some may understand cyber security”, corroborates Srinivas Kodali, researcher, Free Software Movement of India.

“The attackers are hitting where it hurts the most and they spend a lot of time in finding the spot and, therefore, the defenders need to know their areas better than the attackers," Sharma implies.

This phenomenon, however, is a silver lining for comparatively smaller cyber security businesses as they are seeing a greater than ever spike in demand. “With most employees working from home, the number of cyberattacks have increased around 300 percent in the last year alone. With our interaction with the CISOs/ CIOs community, we hear if they need 10 cybersecurity professionals in a team, they currently have three, which is 30 percent cybersecurity experts in their team”, says Sandip Kumar Panda, co-founder, and chief executive officer, Instasafe Technologies.