Cyber security specialists are making more money and being promoted and trained faster than they were a year ago, according to new figures suggesting most company boards have become cyber security-aware amidst intensifying cyber attacks and stubborn staffing shortfalls.

The number of companies reporting five or more cyber security breaches during 2022 increased by more than half, with 29 per cent of respondents to the Fortinet 2023 Cybersecurity Skills Gap report – for which Sapio Research polled 1,855 IT and cyber security decision-makers in 29 countries – reporting repeated compromises.

Companies are not only more likely to be hit multiple times during the year, but more likely to feel financial pain from attacks whose average cost had increased by nearly a third year-on-year – with 48 per cent reporting data breaches that had cost over $1.44 million ($US1 million) to resolve.

Surging costs and increasing frequency seemed to have caught directors’ attention, with the proportion of executives reporting that their boards ask about cyber security increasing from 88 per cent to 93 per cent in a year.

“The growing enterprise attack surface and diversification of threats have made [boards’ role in improving cyber security] of paramount importance,” the report notes, “given board responsibilities for overseeing corporate risk and reputation management.”

Growing interest in cyber security has driven 83 per cent of board members to support the hiring of more cyber security staff – up from 76 per cent the previous year – with 68 per cent saying cyber security skills shortages increase their overall business risk.

Staff with certifications were seen as adding extra value, with 62 per cent of respondents saying certified staff perform their duties better.

This translated into higher salaries, with 47 per cent of certified staff making more money in 2022 than in the previous year – up from 29 per cent reporting salary bumps in 2021.

Certifications also create career options, with 55 per cent of certified staff crediting certifications with accelerating their career growth in 2022 – compared with just 34 per cent who said the same a year earlier.

Yet just as they’re ready to pay more for certified staff, 9 out of 10 executives say they are willing to hire promising but uncertified workers and train them in critical areas such as cloud security, cyber threat intelligence, malware analysis, secure system operations, and cyber security foundations.

Diversity losing its sway

With cyber criminals intensifying their attacks and companies struggling to hire enough cyber security staff, Asia Pacific respondents were the most pessimistic of their global peers, with 74 per cent expecting the cyber security situation to worsen in the coming year – well above the 65 per cent global average.

Even more worrying, 93 per cent of respondents believe they can do little to improve the situation because their cyber security staff are already doing everything they can to cope.

The belief that companies are already out of options “may suggest uncertainty about what additional measures organisations can take,” the report notes, “and sits at odds with other findings about increasing board concerns” that suggest even the most cyber aware boards are treading water when it comes to staffing.

Despite specialised programs designed to bring those groups into the cyber security fold, there were signs that many companies were stumbling to realise their potential.

Fully 40 per cent of respondents reported difficulties finding qualified cyber security workers who are women, military veterans, or from minority backgrounds – and during 2022 fewer companies maintained initiatives targeting women, minority and veteran candidates than in the previous year.

Promotion of diversity initiatives seemed to have lost steam, with just 83 per cent of respondents reporting near-term diversity hiring goals – down from 89 per cent in 2021.

With the diversity of candidates still well short of targets, the study’s authors warned executives to step up their outreach to groups like military veterans, whose defence mentality and training mean the industry “has much to gain by attracting individuals from this group.”

“Expanding the talent pool to draw from more diverse groups,” the report notes, “will continue to be critical so that organisations can meet their staffing needs.”