Cybersecurity resources: Bridging the skills and talent gap requires commitment, strategy, and time

When chief information security officers (CISOs) are asked what today’s greatest cybersecurity challenges are, a significant shortage of the right talent and the right skills is typically one of the top responses. As the World Economic Forum recently noted in its Global Cybersecurity Outlook 2025 report, the cyber skills gap continues to be a key challenge for organizations that are trying to become more resilient. In fact, according to the Forum, the cyber skills gap increased by 8% in 2024, with two-thirds of surveyed organizations facing moderate-to-critical talent shortages. With an estimated shortage of nearly five million skilled people, it’s no wonder CISOs are concerned.

For companies like Schneider Electric, where cybersecurity focuses not only on traditional information technology (IT) security, but also security in operational technology (OT) facilities, the talent and skills challenge can be even more complex. While some believe that the technical expertise, knowledge, and experience needed for OT facilities are similar to those in IT environments, the reality is quite different. OT skills are specifically focused on protecting industrial controls systems (ICS) and related processes for physical industrial applications and machinery, and these skills are even more scarce than IT ones are.

The need for qualified OT cybersecurity talent is intensified by the increasing number of attacks on OT facilities. According to recent research, there was an 87% increase in ransomware attacks against industrial organizations in 2024. Additional threat intelligence data discovered that there were billions of threats detected across critical infrastructure sectors in 2024, with a 300% increase in cyberattacks targeting OT in North America’s energy and utilities sector.

Closing the gap with commitment, a strategic approach – and time

Schneider Electric aims to have a strong cybersecurity team in place to help build trust between our company and our customers, partners, and authorities as noted in our Trust Charter. This approach also supports our mission to increase our cyber maturity and resilience.

However, we recognized several years ago that building a highly skilled cybersecurity team who supports not only our own organization but also our customers would not happen overnight. It would take time, dedication, and a lot of hard work. We knew we needed a long-term strategy that included a plan to build a talent pipeline as well as an IT-OT cross-training and upskilling strategy. We also recognized that this effort needed to be an enterprise-wide endeavor.

Starting from the ground up, we began to build a comprehensive foundation based on three key talent-centric pillars:

• Organizational agility to help us build cybersecurity expertise across all geographies and within specific domains.
• Future-ready talent for critical positions who are equipped with the appropriate skills and provided development opportunities and extensive training.
• Inclusive leadership empowers team members from diverse backgrounds to thrive and increase cyber security awareness within the organization.

Building a foundation-based talent pipeline and upskilling best practices

Our efforts over the last several years have resulted in a strong – albeit still-evolving – strategy that is built upon industry-influenced and internally developed frameworks for retaining current employees and attracting new ones. It is a people-centric approach that provides us with the best talent and skills to secure the company’s and our customers’ digital infrastructures, protect our products and solutions, and comply with regulations.

The steps we took to build this comprehensive talent strategy include:

1. Company-wide collaboration and alignment: Because securing our company and customer sites is an endeavor that spans across the entire enterprise, we invited various executives who oversee cybersecurity efforts to participate in building our talent and skills strategy. This included various leaders who are part of our cybersecurity defense teams, regional offices, product development, and managed services for customers. It also includes collaborators from various cross-functional support teams such as HR, training, and more.
2. Key roles and functions: When we started building our talent and skills framework, we quickly realized that we needed to document the roles and expertise that were already in place. Thus, we conducted a companywide census that included identifying our existing cybersecurity-related staff and detailing their function, responsibilities, and key skills.
3. Industry-standard role definitions: As a next step, we are defining the type of talent and skills we need to secure our operations and those of our customers. We are aligning our role definitions and related terminology to industry standards, such as the NICE Workforce Framework for Cybersecurity builtby the National Institute of Standards and Technology (NIST). We then create job profiles for both current and future cybersecurity roles in the company that includes responsibilities, required competencies and skills, and other key role-related information. We also document learning, training, certification, cross training, and upskilling paths for each position so people can excel at their job today and prepare to move up in the future.
4. Community support: Setting up a community forum for information sharing, expert guidance, and access to resources and the company’s learning platform was an important part of our strategy. To encourage collaboration, we have monthly calls to encourage the sharing of initiatives among different cybersecurity teams. We also have several hubs with global leaders as influencers and facilitators who can help empower our cyber community by driving engagement and further collaboration.

Committing to a more secure future for our company, customers, and the world

Thanks to the foundation we have built, we now have a talent and skills strategy that supports our commitment to cybersecurity, product security, and data protection as detailed in our Cybersecurity Posture paper. We are grateful for the significant impact these dedicated teams have as they:

• Secure Schneider Electric and customer critical infrastructure worldwide
• Enable a secure digital transformation journey for our customers
• Aid sustainability by protecting our smart products and solutions
• Comply with local rules and regulations worldwide
• Engage collaboratively to raise the awareness of cybersecurity internally

We also are proud to contribute to closing the talent shortage by sharing what we have learned and standardized with organizations like the World Economic Forum, as well as government authorities, customers, and partners.

To learn more about our talent and skills strategy, visit:

• Strategic Cybersecurity Talent Framework (A World Economic Forum white paper – page 32)
• How Managed Services Can Bridge the Cybersecurity Talent Gap (Podcast interview with Industrial Safety and Security Source)
• Bridging the IT talent gap needs more than education (Schneider Electric Blog)