Citi

As businesses become more digitally connected, their exposure to cyber threats increases. Managing these risks is a complex endeavor due to the rising costs of investment in equipment, software, and cyber talent. In this report, we focus on the causes and consequences of the increase in cyber skills demand. Our first chapter highlights the factors that have increased companies’ exposure to cyberattacks, as well as the costs associated with this exposure. We highlight two notable trends that have drastically changed the landscape and importance of cybersecurity. First, the impact of geopolitics and the emergence of cyberwarfare. Second, consumers’ rising attention toward the security of their personal data. In the second chapter, we discuss how global and regional labor markets fare in the face of steep competition for cybersecurity talent. Using information extracted from the profiles of the active cyber professional population, we measure the supply of cyber skills and examine the characteristics of cyber professionals. Our spatial analysis focuses on recruitment difficulties across states and cities. In our last chapter, we turn to regulation, business strategy, and governance. We discuss the importance of compliance and how failure to comply with regulation can substantially increase the cost of a cyberattack. We evaluate the costs and benefits of strict regulatory measures and explore alternative measures. We argue that cybersecurity is a public good and that firms should implement a resilient cybersecurity defense as their social responsibility.