The importance of a whole-of-society approach to cybersecurity

The world continues to face a significant cybersecurity workforce shortage - the (ISC)² 2024 Global Cybersecurity Workforce Gap report estimates it to be 4.7 million, up 19.1% year on year. Such a shortage of cybersecurity professionals leaves critical gaps in national security and economic resilience at a time when cyber threats continue to escalate; targeting all aspects of society across businesses, governments, and individuals.

The question is no longer whether a country can afford to invest in cybersecurity capacity building—it is whether it can afford not to.

With whole-of-society impacts and vulnerabilities from these increasing threats, nations must respond in turn with a whole-of-society approach to cybersecurity capacity building, ensuring that awareness, education, training, and talent development bring together key stakeholders across the population. This holistic approach not only ensures a strengthening of national security but can also be a catalyst for economic growth by tapping into underutilised talent pools and driving innovation.

Cybersecurity: An economic and national security imperative

There are many compelling reasons to invest in cybersecurity capacity building and whole-of-society mobilisation—from fostering digital inclusion and opportunity to upholding the fundamental rights and security of citizens. Strengthening cybersecurity capabilities is not just the right thing to do; it is also a strategic imperative. In an era of heightened geopolitical tensions and economic uncertainty, decision-makers must weigh the broader social benefits alongside the clear economic and national security imperatives. Ensuring a resilient and skilled cybersecurity workforce is not only about fairness and progress but also about securing national interests, protecting critical infrastructure, and maintaining economic stability in an increasingly contested digital environment.

A whole-of-society approach to cybersecurity capacity building is an economic necessity, as the industry faces a severe workforce shortage and underutilisation of available talent. Women, for example, make up nearly half the global workforce but account for only 20-25% of cybersecurity professionals; limiting innovation and resilience. Expanding participation through inclusive education and training unlocks untapped talent, drives economic growth, and strengthens digital competitiveness. Additionally, a well-trained workforce reduces the direct and indirect impact of cyberattacks, which cost businesses billions annually. Governments that fail to invest in cybersecurity workforce development risk economic stagnation, increased vulnerability to cyber threats, and missed opportunities for regional and global leadership, while those that act now will secure their digital economies and create high-value jobs in a rapidly growing industry.

From a national security perspective, cyber capacity building is no longer optional—it is a strategic necessity. Modern cyber threats target not only governments but also critical national infrastructure, including healthcare, financial systems, energy grids, and supply chains, with the potential to disrupt entire economies and destabilise societies. Cyberattacks are increasingly leveraged by hostile states and criminal organisations to undermine national defence, compromise sensitive data, and erode public trust. Without sustained investment in cybersecurity capacity building, nations will struggle to defend against emerging threats, leaving vital institutions exposed to sabotage and systemic disruption. Countries that prioritise cybersecurity capacity building will not only strengthen national resilience but also ensure they remain capable of safeguarding their national sovereignty and economic stability in an era of escalating digital conflict.

Building cybersecurity resilience across society

At its essence, a whole-of-society approach to cyber capacity building is about mobilising all sectors—government, industry, academia, and civil society—to collectively enhance cybersecurity awareness, education, skills development, and workforce pathways, ensuring long-term national resilience and security. Such an approach is necessary because cyber threats impact every aspect of modern life, from national security and economic stability to individual digital safety. This means that no single entity can address these challenges alone. To build a truly resilient and adaptive cybersecurity ecosystem, nations must mobilise key stakeholders and focus on strategic areas that enhance workforce capabilities, promote awareness, and strengthen cybersecurity governance.

A successful cybersecurity capacity-building strategy must identify and align the contributions of multiple stakeholders, including:

• Government which plays a leadership role to develop national cybersecurity strategies, facilitates multi-stakeholder approaches, sets regulatory standards, funds capacity building programs, and drives international cooperation.

• Industry which must invest in cybersecurity workforce development, provide training and upskilling opportunities, and drive innovation in cyber security technologies.

• Education and professional training providers need to respond to government and industry demand and integrate aligned cybersecurity curricula at all levels; from primary schools to higher education and vocational training.

• Civil society and communities can help to raise cybersecurity awareness, engage in digital literacy initiatives, and identify and support vulnerable populations in building cyber resilience.

• International organisations contribute through knowledge sharing and providing support for partner nations in establishing leading practice cybersecurity frameworks and standards.

National strategic priority areas for cybersecurity capacity building that such stakeholders can work together to drive forward might include:

1. Governance and policy

Strong governance and policy frameworks provide the foundation for national cybersecurity resilience. Governments must establish clear national strategies, implement regulatory standards, foster public-private partnerships, and engage in international cooperation to align cybersecurity efforts with economic and security priorities.

2. Education and training pathways

Cybersecurity education should be embedded at all levels across the national ecosystem, from early digital literacy in schools to specialised university programs and vocational training. Expanding learning pathways through apprenticeships, technical certifications, and reskilling initiatives ensures a diverse and adaptable workforce capable of responding to evolving cyber threats.

3. Talent attraction and retention

Attracting and retaining cybersecurity talent requires broadening participation, particularly among underrepresented groups, and offering incentives such as scholarships, fellowships, upskilling, and career development opportunities.

4. Whole-of-society awareness and resilience

Cybersecurity is everyone’s business and is a shared responsibility that extends beyond technical experts to businesses, communities, and individuals. It is important that countries not only build a strong cybersecurity workforce, but also a cybersecure workforce, and cybersecure society. National awareness campaigns, workplace training, and community-driven initiatives can equip citizens with the knowledge to protect themselves from cyber threats, strengthening digital resilience at every level of society.

The time to act is now

Cybersecurity capacity building must be a national priority as it underpins both economic stability and national security and with cyber threats becoming more sophisticated and widespread, a whole-of-society approach that mobilises all sectors is key to governments meeting this challenge.

Policymakers need to simultaneously make long-term sustainable strategic investments in cybersecurity capacity building, whilst at the same time introducing tactical interventions that address immediate workforce shortages and mitigate urgent vulnerabilities.

Countries that act now will strengthen their digital economies, protect critical infrastructure, and position themselves as leaders, whilst those that delay risk falling further behind in an increasingly contested digital landscape.

PGI has supported many countries to develop the infrastructure needed to generate a sustainable pipeline of cyber security practitioners. The whole-of-society approach is vital to our work and we are proud to have worked with stakeholders at all levels society. If you would like to talk about our approach to cyber capacity building, get in touch.