What are the challenges with cyber security recruitment?

What are the challenges with cyber security recruitment?

The greatest threat to cyber security is the lack of cyber experts in the industry. Cyber security is a hot topic, there isn’t a day that goes by that something cyber related hits the headlines and for good reasons. We are living in a technology age, everything is related to cyber.

You wouldn’t leave your office without ensuring the windows were shut and the doors were locked, you take all precautions to ensure your physical security, but what about your cyber security?

Are you doing enough to protect yourself in the cyber world, or do you leave yourself and your business wide open to cyber attacks?

Cyber attacks have fast become one of the greatest threats of the 21st century to businesses. Small, medium and large enterprises are all finding themselves vulnerable, and if you store anything to do with personal information: client data, personnel files, business plans, future projects, you are leaving yourself exposed.

So why aren’t we just putting people in place to tackle cyber crime?

Well, many reasons, not limited to:

1. Lack of cyber skills in the industry

A poll conducted by Infosecurity Europe 2019 suggests the biggest challenge to cyber security recruitment is a lack of skills. In particular technical skills, threat intelligence, incident response and forensic investigation.

The reason for this lack of skills being twofold: firstly not being able to get enough people through the doors initially to fill entry positions in the first place and secondly, if cyber security people are there, not keeping them interested long enough to stick around and develop these key cyber skills.

According to a recent Global Information Security Workforce Study, over 90% of tech employers are aware that there is a significant gap in talent and that this gap will only grow larger, culminating in a skills shortage of 3.5m professionals, come 2023.

2. Lack of cyber security training

According to a study carried out by CW jobs, 53% of workers have not received training on cyber security, and for those workers who have been cyber security trained, 23% don’t feel confident that should the company come under cyber attack, they would be able to handle a breach.

3. Cyber graduates want to work for big name tech companies

If you’re a cyber security graduate and you know the world is your oyster, and young, edgy tech startups are the places you want to work, you will prioritise applying to work for them. But in reality, every business needs cyber security graduates to become experts within their teams. You have to find a way to reach them.

So, the challenges with cyber security recruitment lie then with finding, attracting and retaining talent. How do you overcome these challenges? We’ve broken them down for you.

Finding talent

Being first in line is tough in this day and age, it seems it’s a graduate’s job market at the moment. If you hope to recruit the top talent in cyber security, you have to think outside of the box. The standard ‘turn up and man a stall at a job fair’ is a thing of the past.

  • If you aren’t a tech company, you need to ensure your HR department makes you an appealing place to work for tech graduates. You might need to alter your long term plans to prioritise cyber security and tech, to appeal to tech graduates, but that is no bad thing. If you want to retain tech experts for the long term, you will have to make it worth their while sticking with you.
  • You need to have your recruitment campaign all over social media. Create a presence on all social platforms that you think your potential candidates are on and spread the message far and wide that you’re looking to recruit cyber security experts. Make sure you let them know how to get in touch with you.
  • Create job adverts not just on the big job sites, but on the niche ones too. Hunt where your candidates are likely to be hiding. Let your networks know, advertise your recruitment campaign on your LinkedIn profile and share it with your LinkedIn groups.
  • Don’t stick to the tried and tested methods of old, you aren’t recruiting baby boomers any more, you’re targeting Millennials and Gen Z too. And they are a whole different kettle of fish.
  • If the task of recruiting cyber security professionals is a daunting one, consider looking to harness the expertise of dedicated cyber security recruitment firms such as Acumin. Our consultants have over two decades of experience recruiting cyber security experts,
  • If you can’t find what you’re looking for in cyber security candidates initially, be less specific. Certain job skills can be taught, others like team work, proactiveness and initiative not so much. If you have a candidate with a passion to learn, you can train them up to become an expert in what you need them to be an expert in.
  • Never underestimate the power of a referral. If you can create a network of cyber security experts that you can then tap into when you have a job opening, you are making your life much easier.

Attracting talent

Once you’ve managed to root out the cyber security talent, your next challenge with cyber security recruitment is attracting that talent to come and work for you. It’s all good and well unearthing cyber security experts, but you need to persuade them to sign on your dotted line. And that is sometimes easier said than done.

However there are ways you can make your company an incredibly appealing place to work.

  • Embrace diversity. Don’t just target graduates at the Red Brick Universities, instead cast your net wider, to the universities that don’t have such high tuition fees, but do have the cyber security talent you’re looking for.

Diversity will help you in your cyber security recruitment – if you demonstrate that you are a 21st century company, one that prioritises diversity in your work force and equality, you will be the company that people want to work for.

Plus by recruiting a diverse workforce you will employ people who approach problem solving from different angles, which will ultimately benefit the cyber security industry as a whole.

  • Be unconventional and get in front of potential applicants as much as possible. If you don’t think you can woo candidates with your pitch alone, consider bringing them into your office for a look-see, or let them shadow you or the CEO for a day. Maybe set them cyber security challenges to whet their appetite or host a hackathon. Just make your company a place that cyber security experts want to work at.
  • Senior level cyber security experts may need more persuasion to come and join you, as they are probably not actively looking to change careers so you are going to have to think hard about how you could tempt them over to you. A recent survey showed a 7% increase in salary was the financial incentive that typically tempted senior professionals.
  • Never lie or be dishonest to candidates, you won’t get anywhere if you don’t tell the truth. Be open and transparent and professional.

Cyber security experts know their worth and know they’re in demand, so make sure your recruiting process is as seamless as possible for them.

Find out what motivates your candidates and strive to achieve that for them, financial rewards aren’t always what everyone is after: perks, flexible working, health insurance, career development courses, these are all things you could look to offer candidates to smooth the way, that won’t necessary cost you the earth.

  • If your candidate is employed by a competitor, discretion is always the better part of valour. Be considerate and understanding with their situation, don’t rush anything and don’t jeopardise their situation.

Retaining talent

Once you’ve found, attracted and recruited the best cyber security talent there is, you are then faced with one final problem. There is a serious shortage of cyber security experts, so if you’ve poached yours, expect others to approach and try and ensnare them aware from you.

The tech industry experiences incredibly high staff turnover rates, so during your recruitment process you will have to gauge whether your select candidates are flighty or are in it for the long term. You don’t want to spend money recruiting the top talent only to find them jumping ship a few months down the line when a seemingly better offer opens up.

  • Onboard new recruits thoroughly. Not only do you want to ensure the entire recruitment process for candidates is as good as it can be, UX is after a key factor in hiring employees in this day and age. But if you want your new recruits to refer your company to their friends or acquaintances, give them something worth referring.
  • Don’t lose interest in your candidates the minute you employ them. Find out what makes them tick, what they’re interested in, what their career plans are, and see what you can do to help them succeed in their cyber security career. Satisfied employees won’t churn.
  • Cyber security is a demanding industry to work in, acknowledging this and putting systems in place to mitigate against burnout and frustration is essential. These can be as simple as company yoga classes, free food in the canteen, casual fridays, regular team days or team lunches. Any way to relieve the tension and ease the pressure on your cyber security experts is going to work toward retaining them.

Our accreditations & Partners

  • REC Member
  • VTC - Virtual Technology Cluster
  • RANT Events
  • Bloom Nepro
  • YPO
  • Crown Commerical Service
  • Disability Confident
  • ISO 9001
  • Armed Force Covenant
  • Cyber Essentials Plus
  • ISO 27001





Thank you for signing up to the acumin alerts.

Send CV

Send us your CV and have our recruiters match you to the ideal opportunities

Do you already have an account with us?

Log in

Want to have an account with us?


Want to just send us your CV?

Upload only doc, docx, odt, pdf format file.

By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.

Password reset

If you need a reminder for your password, fill out the field below

Log in

Access your account to edit your contact details, job alerts or to upload a new CV

Thank you


Thank you for successfully uploading your CV.

Acumin Alerts


Thanks for registering for Acumin alerts.

Acumin Alerts

Unfortunately your CV could not be uploaded

Please make sure your CV is one of the following file types: doc, docx, odt, pdf, rtf

Acumin Spam

Unfortunately your submission has been declared spam. Please try again.



Thank you for submitting your vacancy.


Create an account to register your contact details, sign up for job alerts and upload your CV


Thanks for registering for Acumin alerts. To get the most out of Acumin's service why not register with us?

Upload only doc, docx, odt, pdf format file.
- Practitioner
- Commercial

I agree to the terms and conditions and to be contacted by recruiters:

I agree to receive marketing communications relevant to my job search:

I agree to receive Jobs By Email for the following professions:
- Business Continuity Management
- Counter Fraud
- Cyber Security
- Executive Management
- Governance & Compliance
- Information Security & Risk Management
- Penetration Testing & Digital Forensics
- Sales and Marketing
- Sales Engineering
- Security Management
- Technical Security
- Information/Risk Assurance
- Identity Management
- Application Security
- Security Architecture
- Dev/Sec Ops
- DV & SC Cleared Jobs
- Programme & Project Management

Submit a Vacancy

Use the form below to submit a vacancy