Cybersecurity risk and building resilience in the cyber workforce 

The increasing reliance on digital technologies, coupled with the proliferation of highly resourced bad actors and emerging threats like generative AI, has created a perfect storm of cyber vulnerabilities. While much attention is given to addressing operational and technological gaps, the human element of cybersecurity risk is often underestimated. Lack of cybersecurity knowledge ranks among the top 5 people risks for employers, both in terms of severity of impact and likelihood of occurrence within the next 2 years, according to the 2024 MercerMarsh Benefits People Risk Report.

A critical lever to addressing cybersecurity risk is building resilience in the cyber workforce that protects people and businesses online. But demand outweighs supply in the existing cyber workforce, the skills needed are evolving rapidly, and middle managers are struggling to find experienced talent to hire.

Due to all these challenges, the level of protection falls short of where it needs to be. It is imperative for organizations to take proactive measures to attract and retain cyber employees, fortifying their defenses and mitigating cyber risks.

According to the MMC 2024 People Risk Report, “US HR and Risk respondents are feeling the threat with 43% concerned about an increased risk of cyberattacks, specifically due to a lack of cybersecurity awareness, organizational design, and culture. While only 30% of respondents currently have in place an effective cybersecure culture, including hiring for cyber-security skills and delivering segmented cyber-security training; 45% have one that needs improving; and 20% plan to implement one in the next one to two years.“