Why You Should Upskill Workers Amid CFOs’ Cybersecurity Spending Surge
The most recent data on cybersecurity workforce demand highlights a global shortage of 3.4 million cybersecurity professionals, reflecting an ongoing and significant gap that organizations must address. This shortage has only grown since previous estimates, underscoring the critical need for upskilling within organizations to fill this gap. CFOs should consider directing their cybersecurity spending toward training and upskilling current employees. Upskilling not only helps bridge the gap caused by the shortage of new hires but also equips existing employees with the necessary skills to tackle emerging threats such as cloud security, AI-related risks, and zero-trust implementation.
This approach is crucial, especially in an environment where nearly half of organizations report budget cuts impacting cybersecurity training programs, which are vital for workforce development. Given the complex and evolving threat landscape, investing in internal talent through targeted training can enhance organizational resilience and ensure cybersecurity teams are well-prepared to respond to current and future challenges.
What CFOs Are Saying About Cybersecurity
According to recent reports, 70% of CFOs are increasing spending on cybersecurity in 2024, reflecting a heightened awareness of the growing threat landscape. However, despite these efforts, 35% of CFOs believe their company remains as vulnerable as last year, indicating a persistent concern over the effectiveness of their cybersecurity measures.
In PwC’s 2024 survey, 58% of CEOs now rank cyber threats as their top concern, a notable increase from previous years. This underscores executives’ shifting priorities in navigating an increasingly complex cyber environment.
Despite the increased spending, the solution to the cybersecurity talent shortage remains elusive. While some CFOs are still focusing on hiring, the gap between demand and available talent has grown, with the number of unfilled cybersecurity jobs surpassing 3.4 million globally. This ongoing shortage is compounded by the fact that even a surge in cybersecurity graduates cannot immediately bridge this gap.
Organizations increasingly turn to upskilling existing employees as a viable solution to address this. Upskilling helps fill critical roles and ensures current employees are equipped with the latest skills to combat emerging threats. This approach is becoming essential in the face of an ever-evolving threat landscape and a talent pool that cannot meet the industry’s immediate needs.
The awareness is present, but the solution seems to remain up for debate. Most CFOs are turning to increased hiring to resolve cybersecurity vulnerabilities. Over half of executives say they plan to increase their cybersecurity staff, but over 3 million cybersecurity jobs went unfilled in 2021, indicating a gap between staffing needs and available new hires.
As cyber threats continue to grow year after year, this problem will only get worse. Even if Gen-Z students were enrolling in cybersecurity degree programs in unprecedented numbers, they would not be able to meet the current demand for cybersecurity professionals. Today’s organizations and CFOs need another solution: upskilling.
How to Explain Why You Need to Spend on Security
Upskilling existing employees will require an investment from your organization’s CFO. However, it is essential to remember that this is a crucial security investment, not just an employee benefit program. Clarifying this distinction is vital when pitching a cybersecurity upskilling program to your CFO.
Be clear and transparent with your CFO, and ensure that all of your statements are rooted in facts and backed by evidence. Start by collecting the concrete cybersecurity risks your organization faces and preparing reasoning to show how increased spending, specifically on upskilling, would address those risks. You must also demonstrate why existing infrastructure and spending are insufficient, providing concrete evidence and reasoning to show why they cannot address the risks you have specified. These risks include anything from outdated technology to new workplace policies.
For example, 50% of organizations are predicted to adopt “anywhere operations” by 2024, furthering remote and hybrid work as the new standard. Increased security is required to facilitate this. Walk through all the primary risks in your organization, but do so professionally and non-judgmentally. Clearly explain the risks of not addressing the vulnerabilities you specify—what could happen if your organization does not increase spending to address these security vulnerabilities?
Upskill Workers Remotely in Cyber
In addition to discussing the risks of insufficient security spending, you must present concrete solutions—in this case, upskilling. CFOs will want to see why it is a valuable investment.
Studies by IBM found that the average cost of a data breach increased to $4.88 million in 2024, up 10% from the previous year. According to recent surveys, the average cost to completely reskill an employee in the US is less than $25,000, with upskilling being even less intensive and costly. For example, Amazon’s $700 million upskilling program only required about $1,000 per employee.
Thus, if employees were upskilled to prevent data breaches effectively, organizations could see an ROI of $3 million or more saved on data breach damages. This doesn’t even account for the additional and profound harm that data breaches can cause, such as damaged shareholder trust, stock price crashes, and prolonged reputational damage.
Cybersecurity Needs in the Workforce
Making a case for upskilling may be easier when you place it in the broader context of cybersecurity needs in the workforce.
The workforce urgently needs cybersecurity professionals who are well-versed in emerging technologies to protect against evolving threats. Upskilling could be the ideal solution for expanding cybersecurity personnel within organizations while enhancing the knowledge base of new and existing professionals to address these emerging threats.
Moreover, upskilling benefits both employees and organizations. It’s worth noting that about 65% of employees are actively seeking new job opportunities. Providing upskilling opportunities can help keep these employees engaged, improve retention rates, and simultaneously build a more robust internal cybersecurity team. Investing in upskilling reduces the need to hire new employees—a challenging and costly endeavor given the ongoing labor shortages in cybersecurity—and equips your existing team with the skills needed to address today’s most pressing security challenges.
Upskilling to Upgrade Cybersecurity
It’s crucial to present CFOs with factual evidence and a comprehensive risk assessment that clearly outlines the need for increased cybersecurity investment. Rather than focusing solely on attracting new talent, which is both difficult and costly in the current labor market, the emphasis should be on upskilling existing employees to equip them with the necessary skills to defend against evolving threats.