This could be a golden age for the cybersecurity market if it weren't for an anchor impeding growth: finding the talent to do the job.
With the explosion of data breaches, the impact of GDPR in Europe and the monumental increase in data privacy concerns overall, business is booming in the security sector. As every cybersecurity provider knows, there's a limited stable of workers with the right skill sets, and companies compete fiercely to attract them.
The forecasts are gloomy. Frost & Sullivan's 2017 Global Information Security Workforce Study predicts the shortage of cybersecurity professionals to reach 1.8 million by 2022 and this is one of the less-daunting projections. In April, Infosecurity reported that a new survey from Bitdefender found more than half of CISOs worldwide (65% in the UK) are worried about the global skills shortage.
Experts have been pointing to the talent crunch as a key cause of increasing data breaches, with not enough professionals on board to develop products, support customers and perform other mission-critical tasks.
In the United States, a variety of solutions to boost the talent supply are being proposed, including initiatives around education, training and addressing diversity issues in the cybersecurity field. But with 300,000 open American cybersecurity jobs, such long-term approaches aren't a viable answer. Instead, companies need to rethink their whole approach to hiring cybersecurity personnel.
What countries are blind to is the fact that we need to create international security teams, not just those ones who are siloed by countries or individual companies.
Fortunately, more American cybersecurity firms are starting to get it and have been setting up operations in other countries to exploit new talent pools. Asia and Africa are certainly two locations that have personnel, but the EU is a particularly attractive region due to the supply of educated people and vast, lucrative market.
For example, software and computer services was the UK's top sector for foreign investment in 2016. Other leading cities attracting tech investment include Dublin, Berlin, Amsterdam, Paris and Stockholm.
However, going overseas is not without risk and selecting the best location requires research and rigor. Choosing a European location addresses the issue of access to large markets but there are other factors that should be considered. For example, governments that favor open borders are a better choice for companies looking at setting up foreign operations as well as countries that have a healthy supply of tech visas for adding extra talent to a location once a base is established.
Vectra Networks vice president of marketing Mike Banic believes that the local talent supply, the attractiveness of the locale to these workers, and the cluster of other cybersecurity firms on the ground are the key considerations. “Some nations offer great advantages for doing business,” he told me.
About 50 of the world's top cybersecurity companies have offices in Ireland. Starting in the late '90s, companies like Symantec, McAfee and FireEye established a presence there and 2017 was a particularly active year. That's when AlienVault added 50 people to its sales and technical support center in Cork, Tenable Network Security set up its first international headquarters in Dublin with plans for filling 100 positions, and Keeper Security chose Cork for its EMEA SOC.
Vectra established its first non-American R&D center in Dublin with plans to grow it to 100 people. What was it about Ireland that drew this thriving AI-focused cybersecurity company?
As Banic explained it to me, "You're looking for a location that can pull on a diversity of talent, from the educational skill side, as well as the cultural and experience side. We liked it that Dublin is very business friendly and visa friendly, drawing talent from both inside and outside of Ireland.”
Given the always-evolving nature of business and governments, U.S. cybersecurity firms would love to see home-grown solutions emerge that boost the talent pool here. But savvy corporate leaders can't wait for that to happen, carefully selecting overseas locations that enable them to thrive in the meantime.