Skip to content
Home » Upskilling The Cybersecurity Gap 

Upskilling The Cybersecurity Gap 

Apr 2026
Lim May-Ann

The World Economic Forum has highlighted the global cybersecurity skills shortage as a looming crisis, with more than 90% of organisations experiencing a breach in 2024, which they partially attribute to a lack of cybersecurity skills. Indeed, a 2025 report on cybersecurity skills gaps highlighted a growing anxiety in finding the talent to manage new cybersecurity threats.  

Some estimates have the world lacking over 4m cybersecurity experts, with APAC having a talent deficit of 2.1 million additional cybersecurity professionals to meet current demand for developers, white hat hackers, compliance officers, secure code auditors, incident responders, and others. Asia Pacific organisations reported that it was difficult to find candidates with AI cybersecurity experience, while also expecting to increase roles for AI oversight and governance. 

The Looming Crisis, and Upskilling via Alternative Learning Pathways 

A new approach towards cybersecurity education and professionalisation has emerged over the years: upskilling via alternative learning pathways. To close the cybersecurity skills gap, organisations could consider these alternative approaches:  

  • Accelerated Bootcamps. In Indonesia and Malaysia, “Cyber Bootcamps” and micro-credentialing programs show promise. These programs take workers from adjacent fields—such as network administration, data analysis, or even legal services—and provide them with intensive, 12-week “bridge” courses. By focusing on practical skills like threat hunting and automated log analysis, these initiatives are moving workers into the security workforce in months rather than years.
  • Industry-Led Scalable Education. Initiatives like the Networking Academy demonstrate the power of public-private partnerships in delivering scalable, high-quality technical training. By providing comprehensive curricula that evolve alongside technology, such programs allow students and career-changers to gain industry-recognized certifications that are directly applicable to the current threat landscape, effectively creating a sustainable pipeline of talent. 
  • Drawing from the gender gap. By some estimates, women currently make up less than 25% of the global cybersecurity workforce. Organizations like “Women in Cyber” in Singapore and Australia are proving that by providing targeted mentorship and flexible training modules, the talent pool may be deeper than initially estimated. 
  • Gamification and Simulations with Table-Top Exercises. Approaching cybersecurity training from a practical standpoint by using gamification techniques has also been promoted as a viable learning pathway. Designed as a game where you learn how to deal with and neutralise specific cybersecurity threats, learners are encouraged to “win” against bad actors in the given scenario. (See Australia’s Cyber Invaders as another example of how cybersecurity education and training can be deployed as a game https://cybersecurity.com.au/cyber-invaders/)  
  • AI-Augmented Training. AI – while creating many new threats – is also a powerful upskilling tool, which can be used by junior analysts and/or career pivoters to explain complex vulnerabilities in real-time, or during lessons, to more quickly understand and implement new concepts.

A Roadmap for Regional Upskilling for Cyber Resilience 

There is a growing appreciation towards providing multiple approaches to upskilling, and to bridge this cybersecurity skills divide. Governments can encourage these pathways to upskilling in a number of ways:  

  • Encourage Public-Private Partnerships: Governments could consider subsidies for workers to take up upskilling courses, and could consider providing tax incentives for companies that allow their staff to take up such courses. In addition, there could be other incentives provided to companies that transitions a traditional IT worker into a cybersecurity role successfully, such as retroactively allowing that cost to be tax deductible.  
  • Collaborative Industry Consortiums. To address the specific challenges posed by the rapid integration of AI, governments and the private sector should support collaborative bodies like the AI Workforce Consortium. Such groups are essential for identifying the specific skills required for AI-driven cybersecurity roles and developing training frameworks that ensure workers are equipped to manage AI oversight and governance effectively. 
  • Mutually Recognised Certification Standards: ASEAN and/or APEC could establish an “ASEAN Cyber Skill Standard” or mutually recognised approach that allows a certified professional in Thailand to have their credentials recognized in the Philippines. This will allow a greater pool of cybersecurity professionals to be available in region, increasing Asia Pacific’s cyber resilience. 
  • Baseline Cyber Education and Early Intervention: Cybersecurity logic, basic digital hygiene, and threat awareness should be integrated into the primary school curricula across APAC, helping to raise new generations of cyber-aware citizens with a raised baseline for cyber education.

Conclusion 

Upskilling for cybersecurity today is a core strategic necessity for regional and national digital resilience. CCAPAC offers these suggestions for broadening approaches to cybersecurity education, building a stronger and more cyber-sensitive workforce for the digital economy.