Cyber talent gap needs more than more hiring, executives say

Accenture cyber leaders say companies need broader skills, internal training and careful AI use to close a widening cybersecurity workforce gap.

By Hana Yoshida · Markets Reporter

Two senior Accenture cybersecurity executives say companies cannot close the cyber talent gap by adding more workers alone. Harpreet Sidhu, Accenture’s global cybersecurity lead, and Vikram Desai, its global cyber strategy, risk and architecture lead, argued in Fortune that employers need to rebuild cybersecurity roles around broader capabilities as AI, regulation and business risk reshape the field.

Sidhu and Desai pointed to several measures of strain in the cyber workforce. They said demand for AI-related cybersecurity skills has more than doubled since 2020 and is now growing faster than the available global supply, while average cybersecurity job tenure has fallen from 3.3 years to 1.8 years.

They also said more than half of cybersecurity professionals report frequent job-related stress. In their view, those figures show that the current talent model is failing to match what companies now need from cyber teams.

Cyber jobs are broadening

Sidhu and Desai said cybersecurity teams used to work more separately from other business functions, with a main focus on controls, threat monitoring and incident response. They argued that the job now sits closer to business strategy, digital systems, regulatory demands and customer trust.

An Accenture report cited by the executives, “Reinventing the Cyber Workforce: Solving the Talent Imbalance,” examined more than 550,000 cybersecurity job postings and professional profiles around the world. According to Accenture, 59% of open cybersecurity roles now require technical expertise plus business judgment, strategic leadership and interpersonal skills, while only 40% of the current workforce has that mix.

Sidhu and Desai described those hybrid workers as “Conductors,” meaning people who can explain cyber risk in financial terms, guide decisions across company functions and build security into business changes. They said the market is producing many “Operators,” or technically skilled workers focused on controls and threat monitoring, but not enough workers with the broader profile.

Training gaps and pressure from AI

The executives said AI has become one of the fastest-growing skill requirements in cybersecurity postings, while worker capability has not kept pace. They also argued that many companies are not investing enough in the employees they already have.

ISACA data cited by Sidhu and Desai shows that fewer than three in 10 organizations fund structured upskilling programs for workers. They also cited ISSA data showing that 57% of organizations name insufficient internal investment as a direct reason for cybersecurity talent shortages.

Sidhu and Desai said some regulatory systems now make cybersecurity leaders personally accountable for governance failures, with possible consequences including fines, sanctions and criminal liability. They said that pressure is increasing demand for leaders who understand law, risk and crisis management.

What companies should do

Sidhu and Desai recommended that companies build more cyber capability internally through cross-functional pipelines. They said employers also need clearer accountability, manageable workloads and attention to worker wellbeing if they want cyber expertise to grow and remain in the organization.

They also called for wider career paths. In their view, cybersecurity professionals should gain more business experience, while business leaders should have clearer routes into cyber roles. They said cyber skills should be present where technology decisions are made, including product development, change management and IT operations.

The executives said universities also need to adjust cybersecurity programs. They argued that many programs do not give enough attention to cyber law, risk management, enterprise architecture and executive communication.

Sidhu and Desai said AI can take on high-volume cyber tasks that contribute to burnout, giving people more time for judgment, architecture and strategic risk decisions. They warned, however, that if automation removes basic work too early, future cyber leaders may miss experience they need later.

This story draws on original reporting from Fortune.