We’ve all seen the countless articles and think pieces about why cybersecurity needs to be a board-level issue and not just an IT issue. It’s one of those fundamental things that has been discussed in cybersecurity circles for years, but there’s remained a divide between discussion and action.

Things seem to be looking up, however. The 2023 Fortinet Global Cybersecurity Skills Gap report found that 93% of boards are now regularly asking about cybersecurity. That’s up from 88% the year prior. This is a very positive development, but now it’s time to ensure this goes beyond just conversation and into real action.

Making Hiring a Priority

The report also found that 68% of organizations indicate they face additional risks because of cybersecurity skills shortages. This is no surprise; we’ve been hearing about the cybersecurity skills gap for years, and it remains a significant problem at the industry level.

At the same time, we’ve seen layoffs and hiring freezes across sectors amid economic uncertainty and recession fears. The good news, however, is that the survey results indicate boards recognize that cybersecurity positions are a worthy and much-needed investment. 83% of boards have suggested increasing IT security headcount compared to 76% the prior year.

Hiring is just one step toward closing the gap, albeit an important one. However, given that finding talent is also a challenge even when the desire is there, it’s important that boards also recognize the importance of investing in existing talent.

Implement Upskilling and Reskilling

It’s important to invest in the talent you have. With cybersecurity positions in high demand, employers need to ensure they’re incentivizing their existing employees.

This is where upskilling, reskilling and training play a key role.

One main goal should be to keep the security professionals you already have on the team. Giving your team members regular opportunities to learn new skills or improve their current ones can be crucial for retention. Statistics demonstrate the value of ongoing training programs for security staff; 95% of participating companies attested to the benefits of technology-focused certifications.

Reskilling is another important method for closing the cyber skills gap within your organization. It involves identifying those employees who might have a knack for cybersecurity but are not currently working in that capacity. Then, encourage them by providing resources and training opportunities.

This strategy will be a gift that keeps on giving. In a study from the Society of Human Resource Management (SHRM) Research Institute, 86% of participating HR managers said that providing ongoing training helps organizations retain staff.

Along with opportunities for learning and development, take the time to honor top-performing security teams. Although it seems like a no-brainer, it’s possible to get caught up in daily duties and forget to give people credit for doing a good job. Give your team members the credit they deserve: a simple “thank you,” recognition in a large group setting or even a bonus. Not only is this a decent thing to do, but it’s another action that helps with retention.

Reinforce the Fact That Cybersecurity Hygiene is for Everyone

Even as boards start to recognize the role they play in cybersecurity, it’s essential that they recognize that security is truly everyone’s job. And that means that a mandate for cyber hygiene for all needs to come from – and include – the top. Everyone, no matter their position, needs cyber hygiene training, even board members.

Employees can learn how to recognize risks, safeguard their workplaces, and protect themselves with the support of general cybersecurity awareness training. This type of educational content can contribute valuable information to existing internal training programs. Training can provide context and examples to help everyone learn about changing attack methods. This includes not just zero-day vulnerabilities and ransomware but social engineering campaigns like phishing, spear phishing and deepfakes.

As much of America’s workforce continues to work from home, this training becomes especially important. Cybercriminals continue to target work-from-anywhere (WFA) endpoints to penetrate business networks. There is no better time than now to ensure that everyone is knowledgeable about cybersecurity basics and is aware of key cybersecurity awareness fundamentals to help decrease the possibility of using an employee to access corporate data and networks.

Skilling From Within

Fortunately for most companies today, cybersecurity has become a board priority. And considering that a large number of breaches can be directly attributed to a lack of skilled professionals, it’s important to have that support from the top. To translate that support into action, organizations need to focus on staffing up. But that doesn’t always mean hiring more people; these days, it can mean hiring from within.

Organizations need to assess the security talent they already have in-house and see who on their team might be ready for training that will boost their skills and offer them the next career step. Companies can also look within to find employees who are interested in cybersecurity and willing to learn; training these individuals will also help close the cyber skills gap.