Europe’s shortage of skilled cyber security workers continues to increase and poses a significant risk to both businesses and citizens alike. Just under two-thirds of European employers now say they are struggling to find cyber security staff, according to the latest report from (ISC)2. Regardless of the size of the business, the Cybersecurity workforce study 2019, discovered that survey respondents pointed to the talent shortage as being their number one concern, with just over half reporting that they feared their organisation was at either moderate or extreme risk as a direct result. Cyber security is a varied discipline which has grown rapidly in recent years, with the UK government, in its Initial national cyber security skills strategy policy paper, acknowledging that the ‘rapid development has led to a fragmented narrative around cyber security skills and a lack of coherence between the different specialisms’. A core problem faced is that many employers, when they can afford it, prefer to buy ‘ready-to-go’ talent, rather than building skills internally. This costly process may appear attractive in the short term but perpetuates the skills shortage. Research finds that more than half of all UK businesses and charities (54%) have a basic technical cyber security skills gap, demonstrating the necessity of shifting the focus to building talent. Our research identifies four strategies organisations should use to help develop the workforce of tomorrow. With cyber security workers in such short supply, HR leaders must no longer solely rely on buying new skills as needed. Rather, a complete workforce strategy must be developed which combines the below four elements, taking a Total Talent Management approach. Build – Invest in learning and development for existing employees Upskilling is scaling up. Promoting a culture of learnability through an organisation is critical to success in this digital age. By 2022, over half (54%) of employees will require significant reskilling and upskilling. To really complete and boost the cyber security workforce, companies need to promote a culture of learning, provide career guidance, offer short, focused upskilling opportunities as well as identify and nurture talent with transferable skill sets. Buy – Go to market to attract the talent that cannot be built in-house 79% of employers plan to buy the skills they need, either paying higher market prices when recruiting externally or improving compensation for existing staff. Companies are happy to pay more for sought-after skills; however, the challenge comes when those skills are not available. Then the only option is to build. Borrow – Cultivate communities of talent beyond the organisation Digitisation has created new ways of working and new generations of workers who are increasingly open to flexible work approaches. Companies need to address any disconnect by being more open to offering alternative ways of working to attract, retain and motivate NextGen Cyber security workers. Bridge – Help people move on or move up to new roles Bridging requires tools including assessment, big data and predictive performance to define adjacent skills, identify strengths and help workers create clear career paths. Companies need to treat workers fairly and ideally offer support to move on to new opportunities elsewhere if their skills are no longer required. Find out more about how your organisation can shift to Total Talent Management or get in touch.