How the cyber skills gap affects not-for-profits and what you can do about it
31 January 2023
Here we explore the current cyber skills gap, and how it's affecting the not-for-profit industry.
What is the cyber skills gap?
In the UK alone, 697,000 businesses have a basic cyber security skills gap, putting their cyber security and business at risk. Unfortunately, this global shortage also extends to the not-for-profit sector and according to recent UK government research, many are behind on cyber skills when compared to other industries, further putting them at risk.
The cyber skills gap could be caused by several factors, such as:
1. Fast technological change
The rapid pace of technological change is widening the skills gap. Cyber security is a field that is constantly evolving, with hackers being extremely opportunistic - trying to stay one step ahead of their target.
It can be extremely difficult for organisations to keep up-to-date with the threats they are at risk of. As new technologies emerge, so do new threats, making it increasingly challenging for people to keep their knowledge and skills up to scratch and protect their organisation.
2. Unfulfilled vacancies
The demand for cyber security experts is growing, but the supply is not keeping pace. According to a recent Cyber security Ventures Research Group study, there will be a huge 3.5 million unfilled cyber security jobs globally by 2025. Very few universities and colleges offer cyber security courses, resulting in a lack of diversity and volume of graduates needed to fill these vacancies.
3. Not viewed as a critical risk
In addition to the shortage of qualified professionals, there can be a lack of the understanding of the importance of cyber security. Many establishments still see cyber security as an IT issue, not a business risk; this couldn’t be further from the truth. This perspective of cyber security can lead to a lack of investment and a lack of emphasis on hiring the qualified professionals needed.
4. Lack of confidence
Across eight major cyber security factors, from detecting and removing malware to controlling who has admin rights, research suggests NFPs feel less confident in their cyber security knowledge by an average of 16%. This can leave NFP organisations more vulnerable to cyber attacks, data breaches, and other cyber threats when compared to other industries.
Extent to which businesses are confident in performing basic cyber security tasks (where such tasks are not outsourced)
How the cyber skills gap could affect your not-for-profit organisation
As a NFP, a lack of awareness of cyber security risks can be a significant concern. Whenever the necessary policies and procedures to manage cyber security risks aren’t in place there is the potential for danger.
However, when resources such as time and funds are limited, cyber security may not be at the top of your list of priorities. Just under a quarter of NFPs are reported to have a formal cyber security policy in place, with only 55% citing cyber security as a priority in their organisation. It is likely that the cyber skills gap is creating this disparity in priority and cyber security planning.
People are at the core of any not-for-profit organisation; staff, volunteers, donors and more. Unfortunately working with people, in any business, presents a cyber security risk. ‘82% of all breaches occur due to a human error or human element’. Hackers are opportunistic and use all people within an organisation to their advantage. Of the NFPs that reported a cyber attack in the last 12 months, 87% of these reported phishing attempts - where attackers try to trick users into revealing sensitive information or downloading malware. With there being a global skills gap in cyber security, it’s vital to educate your team to understand how their actions impact the protection of your organisation.
The cost of cyber security
Budget constraints and high cost of investment can make it more difficult for your not-for-profit to invest in cyber security technology and hire specialist staff in house. Unfortunately, the cost of a cyber attack can often be much higher than the cost of implementing cyber security measures with the average data breach costing $4.35 million in 2022.
One of the reasons why cyber attacks on NFPs can be particularly damaging is that they can harm the very communities that your NFP exists to serve. Your organisation holds sensitive information about your stakeholders and donors, and a breach can severely compromise this data. This can damage the trust between you and your stakeholders and make it difficult for you to progress with your mission.
Your NFP mission is of the utmost importance and efforts taken to protect the publicity of the mission should also be considered. It’s imperative that you protect your organisation from breaches in order to keep the relationship you have with your donors and stakeholders, despite the cyber skills gap presenting a challenge.
Slow response time
Without the necessary cyber security staff and knowledge, you may not be able to respond to cyber incidents as quickly and effectively as you would like to. This can lead to disruptions in usual operations, resulting in a loss of revenue and resources. Moreover, a lack of cyber security expertise can prevent you from identifying new opportunities for growth and innovation in the digital space.
Unfortunately, NFPs can be a target for cybercriminals due to their cause. As a not-for-profit, you’re more likely to have access to sensitive information that can be used for ransom or other illicit activities. You are also responsible for protecting the data of your stakeholders and donors - and malicious actors are usually after these very things. Overall, the cyber skills gap can have far-reaching and severe consequences for NFPs, and you must take steps to address it to protect yourselves and your organisation. This is essential to continue your mission and raise funds.
Strengthen your mission: Steps you can take
Filling the cyber skills gap is crucial for protecting your NFP from cyber breaches. If you’re looking for ways to address the skills gap and improve your cyber security knowledge, you have a few options:
Recruiting cyber specialists One way to fill the cyber skills gap within your business is of course to recruit dedicated cyber specialists. Whilst the global cyber skills gap has inflated wages for these members of staff, it can be worth building a business case for extra budget to enable you to hire the right cyber specialist for your organisation. This will ensure that you have the necessary dedicated staff and knowledge to protect your mission and safeguard the well-being of your business.
Train team members One of the most effective ways to combat the cyber skills gap is to train current team members. A robust in house training program can provide your team with the skills and knowledge needed to protect your organisation. A consideration should be made as to how frequently this training is made available due to the fast-paced nature of cyber security, as knowledge should be kept as up-to-date as possible to minimise risk.
Work with organisations who specialise in cyber security Investing in cyber security technology and people can be extremely costly if you are to fully bring this in house. There can also be complexities and risks associated with managing your cyber security in house too. It may be more cost-effective and a faster solution, for you to seek support from an outsourced provider who specialise in fully managed cyber security solutions (MSP), particularly as cyber criminals become more advanced, demanding more time and resources to protect your NFP organisation.
Working with an MSP can be beneficial in many ways:
The cyber skills gap is a challenge that all organisations, and NFPs are facing. Despite being of growing concern, it presents an opportunity to strengthen your mission and there are clear steps that you can take to tackle this global shortage of skills. By taking the necessary steps to address the cyber security skills gap, you can ensure that you have the right staff and knowledge to protect your mission and safeguard the well-being of your stakeholders, and those your not-for-profit organisation is there to serve.
Bluecube is a managed service provider specialising in cyber security prevention and recovery. We work with a range of not-for-profit organisations to protect and strengthen their mission. We tailor each cyber security prevention solution to the nuances of every business we work with, as we understand that every organisation is different.
Contact us today to discuss how we can help your NFP organisation improve its cyber security and protect its mission.
Phishing - Don't take the bait
Phishing is a scam tactic that criminals use to steal...