IT Skills Shortage: Strategies Beyond Recruiting
3 min read
TL;DR
In the digital age, cybersecurity is a top priority for companies. The German Federal Office for Information Security (BSI) reports that 178.6 billion euros in economic damage were caused by cyberattacks in 2022. The BSI also warns of increasing threats from cybercriminals. To protect against these threats, companies must implement comprehensive security measures. This includes not only technical solutions but also regular employee training and clear guidelines. The BSI recommends using strong passwords, multi-factor authentication (MFA), and regular software updates. In addition, companies should have an incident response plan in place to quickly respond to security breaches. The BSI emphasizes the importance of regular security audits and penetration tests to identify and close vulnerabilities. Companies should also be prepared for the upcoming NIS2 and DORA regulations, which will impose stricter requirements for cybersecurity. Overall, a proactive approach to cybersecurity is essential to protect companies from the ever-increasing threats in the digital world.
Cybersecurity: A top priority for companies
The digital transformation has brought numerous advantages, but it has also increased the risk of cyberattacks. According to the BSI, companies in Germany faced 178.6 billion euros in economic damage due to cyberattacks in 2022. This highlights the urgent need for comprehensive cybersecurity measures.
Cybercriminals are becoming increasingly sophisticated, using advanced techniques to infiltrate company networks. Phishing attacks, ransomware, and data breaches are just a few examples of the threats companies face. To protect against these dangers, it is crucial to implement a multi-layered security strategy.
Technical solutions such as firewalls, intrusion detection systems (IDS), and encryption play a central role in cybersecurity. However, technology alone is not enough. Regular employee training is essential to raise awareness of potential threats and promote a security-conscious culture within the company.
The BSI recommends several measures to enhance cybersecurity. These include using strong, unique passwords for each account, implementing multi-factor authentication (MFA), and regularly updating software and security patches. Additionally, companies should have an incident response plan in place to quickly and effectively respond to security breaches.
Regular security audits and penetration tests are also important to identify and close vulnerabilities in the company’s IT infrastructure. These measures help to proactively detect and mitigate potential threats before they can cause damage.
In addition to these technical and organizational measures, companies must prepare for upcoming regulatory changes. The NIS2 and DORA regulations will impose stricter requirements for cybersecurity, making it even more important for companies to invest in comprehensive security measures.
The BSI emphasizes that a proactive approach to cybersecurity is essential. By implementing a combination of technical solutions, regular training, and clear guidelines, companies can significantly reduce the risk of cyberattacks and protect their valuable data.
FAQs
What are the most common types of cyberattacks?
The most common types of cyberattacks include phishing, ransomware, and data breaches. Phishing involves tricking employees into disclosing sensitive information, while ransomware encrypts data and demands a ransom for its release. Data breaches occur when unauthorized individuals gain access to sensitive information.
How can companies protect themselves from cyberattacks?
Companies can protect themselves from cyberattacks by implementing a multi-layered security strategy. This includes using technical solutions such as firewalls and encryption, as well as regular employee training and clear guidelines. Additionally, companies should have an incident response plan in place to quickly respond to security breaches.
What are the upcoming regulatory changes in cybersecurity?
The upcoming NIS2 and DORA regulations will impose stricter requirements for cybersecurity. Companies must prepare for these changes by investing in comprehensive security measures and ensuring compliance with the new regulations.
Conclusion
In the digital age, cybersecurity is a top priority for companies. The increasing threat of cyberattacks requires a proactive approach to protect valuable data and ensure business continuity. By implementing comprehensive security measures and preparing for upcoming regulatory changes, companies can significantly reduce the risk of cyberattacks and safeguard their digital assets.
The Key Points
- Germany is short of 149,000 IT professionals – and the trend is rising.
- Upskilling existing employees is 3-5 times cheaper than external recruitment.
- Remote work and international hiring expand the talent pool by a factor of 10.
- AI and low-code reduce the need for specialized developers for routine tasks.
- Employer branding in tech communities (GitHub, meetups, conferences) has a stronger impact than job advertisements.
149,000 unfilled IT positions in Germany. An average of 7 months to fill a role. Signing bonuses of over 10,000 Euros. The IT skills shortage is not a new problem – but previous solutions have fallen short.
More recruiters, higher salaries, and better job ads help – but only marginally. The companies that manage the skills shortage best are taking a broader approach: upskilling, international hiring, AI augmentation, and fundamental changes in work organization.
Upskilling: The Underestimated Strategy
Recruiting an external IT specialist costs an average of 30,000 to 50,000 Euro (recruitment, onboarding, productivity ramp-up). In contrast, upskilling an existing employee to become a cloud architect, data analyst, or security specialist costs between 5,000 and 15,000 Euro.
Bootcamps and certifications (3-6 months) qualify employees from adjacent fields (system administration → cloud, data analysis → data engineering). Cloud certifications (AWS, Azure, GCP) offer structured learning paths with measurable outcomes.
Internal academies: Companies like Siemens and Bosch operate their own tech academies. For small and medium-sized enterprises: learning budgets (2,000 to 5,000 Euro per employee per year), learning days (one day per month for professional development), and mentoring programs.
International Hiring: The Expanded Talent Pool
Remote work enables hiring across borders. Platforms like Deel, Remote.com, and Oyster simplify the legal complexities: employment contracts, payroll, social security, and taxes in the target country – all as a service.
Particularly attractive are Eastern Europe (Poland, Romania, Ukraine – strong IT education, acceptable time zones), Portugal and Spain (growing tech scenes, EU-compliant), and Latin America (for US time zones, but also increasingly relevant for European companies).
AI as a Productivity Multiplier
Instead of hiring 5 developers, you can equip 3 developers with AI tools to achieve 5 times the productivity. GitHub Copilot boosts coding productivity by 30-55% (GitHub study). Claude and GPT automate code reviews, documentation, and test generation.
Low-code platforms like Power Platform and Mendix enable business departments to build 70% of business applications themselves – without IT developers. This frees up the IT department for complex, strategic tasks.
Employer Branding in Tech Communities
Job listings on StepStone and Indeed reach IT professionals who are actively seeking new opportunities – that’s 15-20%. The remaining 80% need to be engaged where they spend their time: GitHub (open-source contributions), meetups and conferences (talks, sponsorships), tech blogs (company engineering blogs), LinkedIn (tech content, not HR posts).
The strongest draw: exciting technical challenges, modern technology stacks, and an engineering culture that promotes autonomy and learning.
Organizational Measures
Flexible Work Models: 60% of IT professionals would switch employers for full-remote or flexible hybrid models. Rigid mandatory attendance is the fastest way to lose talent.
Competitive Compensation: IT salaries in Germany have increased by 5-8% in 2024. Companies that pay below market rate lose out not only in recruiting but also in retention. Transparent salary bands build trust.
Diversity: Women make up only 17% of the IT workforce. Companies that actively promote diversity (mentoring, inclusive job postings, flexible working hours) tap into a largely untapped talent pool.
Frequently Asked Questions
How severe is the IT skills shortage?
The Bitkom (German Association for Information Technology, Telecommunications and New Media) estimates the gap at 149,000 unfilled IT positions (2024). By 2030, this shortfall could grow to 300,000. Particularly affected are cloud, security, data, and AI – precisely the areas with the highest strategic demand.
What are the costs of international hiring?
Employer-of-Record services (Deel, Remote) cost 500-700 € per month per employee. Gross salaries vary greatly by country: A senior developer in Portugal earns 40-60k €, in Poland 35-55k €, and in Germany 70-100k €. Total cost of ownership, including service fees, is 20-40% lower than in Germany.
How do you integrate remote employees abroad?
Define shared working hours (at least 4-5 hours of overlap). Schedule regular video calls and team offsites (quarterly). Make asynchronous documentation the standard. Foster cultural sensitivity and inclusion in team rituals. Use the same tools and processes as for local teams.
Is an engineering blog worth the effort?
Yes, in the long run. A blog with 2-4 technical articles per month positions the company as a tech employer, improves SEO for tech keywords, and gives developers a platform. The effort is manageable: 2-4 hours per article, written by developers sharing their knowledge.
What role does AI play in the skills shortage?
AI plays a dual role: it boosts the productivity of existing teams (Copilot, automation) and reduces the need for specialized developers for routine tasks (low-code, AI-generated code). At the same time, the demand for AI specialists increases – shifting the shortage but not solving it entirely.
Image source: Pexels / Tim Mossholder
