“There are two types of companies: those that have suffered a cyber attack and those who will suffer it”. The warning of this recurring appointment could also be extended to hospitals, as evidenced by the “sophisticated and complex” computer aggression that this Sunday paralyzed the Clinical Hospital from Barcelona. The wave of scams and digital kidnappings in recent years has made the cybersecurity increasingly crucial for both the public administration and the private sector. However, this threat has an added problem: there is a lack of professionals.
In 2021, Spain had some 149,774 cybersecurity professionals, but also with a gap in talent estimated at 24,119, according to the ‘Analysis and Diagnosis of Cybersecurity Talent in Spain’ prepared by ObservaCiber. So the number of experts needed was 63,191 jobs, a figure that in 2024 will exceed 83,000. From 2021 to 2022, the workforce in that field grew by 23.22%, but the professional gap skyrocketed by 57.5%, according to a study by the association (ISC)².
More and more experts are being recruited in Informatic security, but not at the pace that this threat requires. The problem goes beyond Spain and, globally, the shortage of qualified professionals is 3.4 million experts. This problem, moreover, has been accentuated after the Russian invasion of Ukraine and global geopolitical tensions have accelerated cyber attacks. Even so, Spain appears as the fourth world power in cybersecurity in the Global Cybersecurity Index 2020, a report prepared by the ITU, the organization of United Nations that regulates telecommunications.
Lack of investment?
This lack of personnel may be due, on the one hand, to the fact that cybersecurity has not been seen as a priority within companies for years. “In recent years, the demand for cybersecurity profiles has grown, but the investment in these teams it does not grow proportionally, which can lead to stressful situations”, explains Miguel López, general director in Spain of the American company Barracuda Networks.
However, the constant digitization of its businesses is beginning to give strategic relevance to this aspect. Thus, 51.3% of Spanish companies want to increase investment in the protection of their systems, according to a study by Secure&IT. 90% of national companies have been affected by some type of cyberthreat.
Flight of talent
The experts consulted by EL PERIÓDICO point out that the shortage of professionals is also due to a brain drain. Many prefer to go to work in companies outside of Spain. “They do it because the economic offers are not comparable with those here. In addition, there are very high pressure rates and that burns a lot,” he explains Orejon Jungle, CEO of the cyber-research firm onBRANDING. “Job opportunities and salary expectations are much higher abroad,” adds López, who laments a “lack of appreciation” for the work of cybersecurity experts.
Private companies are the main applicants for this type of professional profile, according to the ObservaCiber report, but the public administration also needs more experts in computer security. The salaries of cybersecurity professionals range between 25,000 and 60,000 euros in the private sector. In the public administration, they can range from the 23,000 charged by project technicians to more than 90,000 euros for senior managers, according to information on remuneration from the Spanish Cybersecurity Institute (INCIB).