Why You Should Upskill Workers Amid CFOs’ Cybersecurity Spending Surge
- Shannon Flynn, guest blogger
Organizations need to increase cybersecurity strength today more than ever and CFOs’ recent spending surges provide a perfect opportunity to do so. However, there is an estimated shortage of over 2.7 million cybersecurity professionals worldwide. If organizations are going to strengthen their cybersecurity, CFOs’ spending should go toward upskilling existing employees to bridge the gap between the skills organizations need and the shortage of available new hires.
What CFOs Are Saying About Cybersecurity
According to CNBC and the CFO Council, 68% of CFOs are increasing spending on cybersecurity and 32% think their company is more vulnerable or at the same level of protection as last year. Clearly, CFOs are aware that cybersecurity needs to be a top priority. In fact, surveys from PwC found that 49% of CEOs rank cyber threats as their top concern for 2022.
The awareness is present, but the solution seems to remain up for debate. Most CFOs are turning to increased hiring to resolve cybersecurity vulnerabilities. Over half of executives say they plan to increase their cybersecurity staff, but over 3 million cybersecurity jobs went unfilled in 2021, indicating a gap between staffing needs and available new hires.
As cyber threats continue to grow year after year, this problem will only get worse. Even if Gen-Z students were enrolling in cybersecurity degree programs in unprecedented numbers, they would not be able to meet the current demand for cybersecurity professionals. Today’s organizations and CFOs need another solution: upskilling.
How to Explain Why You Need to Spend on Security
Upskilling existing employees will require an investment from your organization’s CFO. However, it is important to remember that this is a key security investment, not just an employee benefit program. For those who are hoping to pitch a cybersecurity upskilling program to their CFO, it is important to make this distinction clear.
Be clear and transparent with your CFO and make sure all of your statements are rooted in facts, with evidence to back them up. Start by collecting concrete cybersecurity risks your organization faces and have reasoning prepared to show how increased spending, specifically on upskilling, would address those risks. You will also need to demonstrate why existing infrastructure and spending are not sufficient. Have concrete evidence and reasoning to show why your specified risks cannot already be addressed. These risks might be anything from outdated tech to new workplace policies.
For example, an estimated 40% of organizations are predicted to adopt “anywhere operations” by 2023, making remote and hybrid work the new standard. Increased security is required to facilitate this. Walk through all the main risks like this one that are present in your organization, but make sure to do so in a professional and non-judgmental manner. Clearly explain the risks of not addressing the vulnerabilities you specify: what could happen if your organization does not increase spending to address these security vulnerabilities?
In addition to discussing the risks of insufficient security spending, it is vital that you present concrete solutions – in this case, upskilling. CFOs will want to see why it is a valuable investment.
Studies by IBM found that the average cost of a data breach is over $4 million as of 2021. The average cost to completely reskill an employee in the US is less than $25,000 according to 2019 surveys. Upskilling is even less intensive than reskilling, so the investment could be even lower than that. For example, Amazon’s $700 million upskilling programs only required about $1000 per employee.
So, if employees were upskilled to effectively prevent data breaches, organizations could potentially see an ROI of $3 million or more saved on data breach damages. That doesn’t even account for the additional and profound harm that data breaches can have, such as damaged shareholder trust, stock price crashes, and prolonged reputational damage.
Cybersecurity Needs in the Workforce
Making a case for upskilling may be easier when you include the context of a wider look at cybersecurity needs in the workforce. Cyberattacks rose by over 3 million from 2021 to 2022, indicating a continuing increase in cyber threats. Additionally, studies by McKinsey show that cybercriminals are beginning to use more advanced tools, like AI and machine learning. The workforce needs cybersecurity professionals with an understanding of these technologies in order to protect organizations.
Upskilling could be the ideal solution for increasing cybersecurity personnel within organizations while also honing the knowledge of new and existing cybersecurity professionals to include emerging threats.
It is also worth noting that upskilling benefits employees as well as organizations. An estimated 65% of employees are looking for new jobs. Upskilling could help keep these employees engaged and convince them to stay with the company while also providing value as they become new cybersecurity professionals. Investing in upskilling reduces the need to hire new employees, which is already difficult and expensive given persistent labor shortages in cybersecurity.
Upskilling to Upgrade Cybersecurity
Organizations are facing ever-increasing cyber threats, but the cybersecurity industry continues to face a shortage of professionals with the necessary skills and knowledge. You can use factual evidence and a thorough risk assessment to demonstrate to CFOs why increased cybersecurity spending is necessary. Spending should go toward upskilling existing employees rather than attempting to attract new hires.