In the field with Absa

At a glance

• Absa addressed its cybersecurity talent challenge by training underprivileged youth, creating both business value and social impact.
• To overcome its lack of in-house experience in education and training, the bank partnered with nonprofit organizations specializing in this field.
• The holistic program combined a cybersecurity academy, a one-year internship and soft skills training to equip participants for long-term success.

Absa Group, one of Africa’s largest diversified financial services providers, faced a significant rise in cyberattacks and with the cybersecurity talent gap widening, the company urgently needed a long-term solution. To meet this demand, the chief security officer launched the Cybersecurity Academy. In partnership with nonprofit institutes, the academy trained underprivileged youth and individuals with visual impairments, providing them with cybersecurity technical skills and behavioral competencies. Upon completion of the three-year program, they received an internationally recognized certification in cybersecurity. Absa then offered the graduates a one-year internship opportunity. This approach fitted well with Absa’s vision of being a “force for good.”

The broader issue

Cyber threats have surged in sophistication and frequency in recent years. In its 2024 Global Risk Report, the World Economic Forum (WEF) ranked cyberattacks as the fourth-largest global risk, just behind misinformation, extreme weather and societal polarization. Financial institutions are especially vulnerable due to the vast amounts of sensitive data and transactions they manage, making them prime targets for cybercriminals seeking financial gain or disruption. In an April 2024 article, the IMF warned that nearly one-fifth of all cyberattacks target the financial sector, posing a serious threat to global financial stability.

A strong cybersecurity workforce is essential to defending against these threats. Yet the global demand for cybersecurity professionals has outpaced supply, leaving over 4 million positions unfilled, a shortfall projected to reach 85 million by 2030. To fill this gap, the WEF, along with 50 public and private partners, launched the Cybersecurity Talent Framework, which outlines four strategic priorities: attracting, educating, recruiting and retaining cybersecurity professionals.

Building cybersecurity talent is not just a defensive necessity, it also presents an opportunity for positive social impact. Companies can help bridge the skills gap while contributing to workforce inclusion, education and economic resilience. Employers such as IBM, Bosch and Barclays have all launched apprenticeship programs to train workers for tech roles.

Absa Cybersecurity Academy

Absa is a 150-year-old multinational banking and financial services group based in Johannesburg, South Africa. Confronted with the choice of hiring scarce cybersecurity talent or developing it in-house, Absa saw an opportunity during an organizational restructuring that affected several call center employees. The chief security officer at the time launched a one-year internal reskilling program to transition these employees into cybersecurity roles. The foundation was laid for what would become the Cybersecurity Academy.

Turning a challenge into a strategic opportunity

Lacking the skills and resources to set up an education program independently, Absa considered an external partnership with a nonprofit organization that provided free education to disadvantaged and unemployed youths.

The idea of training underprivileged young people to bridge the cybersecurity gap was unprecedented, and not without risk. The financial investment was significant, and success was uncertain: participants came from disadvantaged backgrounds, with no guarantee they would acquire the skills needed for cybersecurity roles. Moreover, any return on investment would take years to realize.

Still, there were strong reasons to move forward. Cybercrime was rising, Absa faced growing vulnerability, cybersecurity talent in Africa was scarce, and much of it was leaving for better opportunities abroad. In the end, the decision to invest for the long term served a dual purpose: the partnership offered the advantage of simultaneously addressing a critical skills gap and South Africa’s high youth unemployment rate, thus aligning with Absa’s vision of being a “force for good” that blended business priorities with social responsibility. Consequently, the board approved a pilot program for a first cohort who, upon successful graduation, could be considered for junior cybersecurity roles.

Launch of the academy

Absa launched the academy in Johannesburg with a pilot program for 24 students. Its aim was to uplift impoverished and marginalized youths by providing them with comprehensive cybersecurity training. By the end of the three-year program, participants would be certified cybersecurity analysts.

The program quickly attracted international interest and the Absa Cybersecurity team won several awards, in both the nonprofit and cybersecurity fields. These recognitions helped the team gain board support to enlarge the program. Eighteen months after the pilot launched, the academy opened a new location in Cape Town.

Integration into the workforce

When the first cohort was set to graduate, Absa management was hesitant to hire them directly. The academy had successfully delivered skilled cybersecurity talent, but were the graduates ready for full-time employment in a demanding professional environment? To facilitate the transition, they were brought on as interns, receiving a one-year opportunity to put their knowledge into practice with sufficient time to integrate into Absa’s work culture.

Challenges were identified early on; not surprisingly, many of the interns were less proficient in areas often taken for granted in corporate environments, such as effective communication and understanding their line managers’ priorities. Several interns lacked presentation skills and awareness of how to conduct themselves in professional settings. Time management was a recurring challenge, from arriving at work promptly to being on time for meetings.

A senior leader from the cybersecurity team was appointed as program anchor. Her first task would be to guide graduates through their year-long internship and support their integration. The team incorporated targeted soft skills training into the internship, focusing on workplace etiquette, communication and accountability. Interviewing skills were introduced near the end of the internship to prepare interns for applications and the competitive job market.

“We’re only going to continue this if we can provide jobs for them. It takes real leadership to see this through, to create opportunities where they are most needed.” Manoj Puri, Chief Security Officer

Did it work?

As the first cohort’s internship period drew to a close, Absa’s management remained uncertain about offering them full-time positions. Although the interns had shown determination, they lacked the depth of expertise necessary to handle the complexities of Absa’s cybersecurity operations. Nevertheless, the company decided to take a chance on them and offered permanent positions to 19 graduates from the first cohort; these academy-trained employees made up nearly 10% of Absa’s cybersecurity division.

As the program matures, Absa knows it will be challenging to find permanent employment within the organization for all graduates. The demand for places in the academy – over 1,000 applicants each year – far exceeds the capacity of 20 to 24 students per class and 20 available internships. To scale the cybersecurity program beyond Absa’s internal capacity, the team has taken on the task of building partnerships with other industry players, meeting with Absa’s technology suppliers and offering them the opportunity to hire cybersecurity graduates upon program completion.

Absa’s Cybersecurity Academy has proven to be more than just a training ground for cybersecurity talent; it is also a model for corporate social responsibility (CSR) in action. The company hopes that other organizations will follow suit to build local talent pipelines to foster the critical skills needed for a sector that is vital to all industries, while also helping vulnerable communities.

Takeaways

Absa’s journey illustrates how a business can tackle a critical skills shortage while creating meaningful social impact, offering a model for organizations seeking to align business success with societal good.

• Doing well by doing good

Absa’s Cybersecurity Academy shows that contributing to the common good can go hand-in-hand with delivering strong business results. Strategic CSR creates value for both society and the organization.

• Leadership and integration matter

By embedding talent development into its CSR strategy and backing it with strong leadership commitment, Absa demonstrated how companies can address critical skills shortages while creating meaningful social value.

• Future-ready talent pipeline

With technology evolving rapidly, companies must invest in developing new talent for a changing world. Innovative approaches such as certifications, internships and hands-on training help close skills gaps and prepare individuals for the demands of tomorrow’s job market.

• Long-term solution to talent shortages

Instead of relying solely on hiring from other companies or reskilling existing staff, Absa created a more sustainable solution by educating and training new professionals.

• Power of partnerships

Collaborating with educational and social organizations gave Absa access to expertise, enhanced its brand image, increased social impact, boosted employee engagement and strengthened talent attraction.

This article is based on IMD case IMD-7-2642, available from The Case Centre at http://www.thecasecentre.org.

Share

Get shareable link

Copy