China is facing a shortage of cybersecurity talent, according to the Ministry of Industry and Information Technology (MIIT), providing an obstacle to the country’s goal of further developing the digital economy in the coming years.
There is a severe “imbalance” in the supply and demand of cybersecurity talent in China, a report published by the MIIT on Tuesday said. In addition to a general labour shortage, the industry also faces a skills mismatch, according to the report.
While there is a ready supply of workers for low-end operation, maintenance, technical support and risk evaluation, there is a lack of high-end talent that understands both the business and technical sides of the industry, according to the MIIT.
Cybersecurity has been a growing concern amid the Covid-19 pandemic, during which cyberattacks have been on the rise. Demand for cybersecurity talent grew 40 per cent in the first half of 2021 year on year, according to the report.
The MIIT also estimated in a three-year plan in July that the industry could be worth more than US$38.6 billion by 2023.
The agency’s latest report was published during China’s eighth annual “cybersecurity week”, when central and local authorities promote good cybersecurity practices through a range of activities that include exhibitions and knowledge contests held in cities across China. A conference is also being held in Xian, this year’s host city, and the week’s theme is “cybersecurity for the people, by the people”, according to the event’s official website.
China has fleshed out its cybersecurity governance framework this year with multiple new laws and regulations, but businesses are still waiting for additional guidance to explain what this means for them operationally.
China’s most prominent rules on cybersecurity were passed in 2017 with the Cybersecurity Law. But this year’s Data Security Law, which went into effect last month, and Personal Information Protection Law, effective November 1, added restrictions that are expected to have a big impact on companies with data-driven profit models – which includes most large internet firms.
Another draft regulation, released by the Cyberspace Administration of China (CAC), has raised scrutiny of overseas public listings on the grounds that exposed data could pose risks to national security.
The Chinese government has grown increasingly concerned about that data held by the country’s tech giants this year. Ride-hailing firm Didi Chuxing was first and most high-profile company to be ensnared in a cybersecurity probe over the summer after a US$4 billion initial public offering in New York. Didi had pushed ahead with the IPO even after the CAC had raised concerns.
The new MIIT report noted that China’s 14th five-year plan, for the period 2021 to 2025, mentions cybersecurity and data security a total of 18 times. It also includes a chapter dedicated to the development of the digital economy, and calls for more detailed guidance to “cultivate” cybersecurity talent, including boosting educational resources.
The MIIT’s plan from July also mandates that key industries such as telecommunications devote 10 per cent of their budget for information technology upgrades to cybersecurity by 2023.Internet Explorer Channel Network