The cybersecurity sector in Quebec and Canada is facing a serious challenge: an acute shortage of qualified workers. As demand for information security surges, organizations are struggling to recruit the talent needed to protect their systems and sensitive data. This shortage of specialized professionals is intensifying year after year, pushing the industry to find innovative solutions. Among these, collaboration among stakeholders in the field is emerging as an essential response to bridge resource gaps while offering clients comprehensive, effective services.
An Unprecedented Cybersecurity Talent Shortage
This isn’t just an impression: the numbers confirm the cybersecurity labor shortage. According to a national study, as early as 2021 Canada had a shortfall of about 25,000 cybersecurity professionals to meet demand. This shortage is part of a global trend, with nearly 2.8 million cybersecurity positions remaining unfilled (an overall vacancy rate of about 28%). In Quebec as elsewhere, organizations are fighting to attract and retain the experts they badly need.
Several indicators reveal the scale of the issue in Canada: a recent survey shows that 70% of Canadian businesses view the lack of skilled staff as a major obstacle to their prosperity, with cybersecurity skills among the most sought after. In addition, three out of four companies struggle to fill full-time positions in the digital space, and cybersecurity roles are among the most difficult to staff. As a direct consequence, even existing teams are overloaded: they must manage an ever-growing number of increasingly sophisticated cyberattacks while being swamped with work due to understaffing.
This scarcity of talent is forcing many organizations to adapt their strategy. In Quebec’s public sector, for example, hiring challenges have led to a heavy reliance on outsourcing: in 2021, 33% of the government’s IT resources came from external firms, while about 1,200 internal positions remained vacant. The private sector is no exception, with a growing dependence on consultants and external partners to carry out cybersecurity mandates.
Cybersecurity Needs That Keep Growing
Several factors are driving this increased demand for cybersecurity professionals. On the one hand, the rise in cyberthreats requires larger teams: attacks are multiplying and affecting organizations of all sizes, from large enterprises to SMEs. On the other hand, regulatory obligations are becoming increasingly stringent. In Quebec, for example, the entry into force of Law 25 (on the protection of personal information) requires companies to adopt new security and compliance measures, calling for deep expertise in data protection. Likewise, international standards are increasing pressure on security teams; overall, compliance has become more challenging due to strengthened regulations, while teams must “do more with less” human resources.
At the same time, companies’ digital transformation—accelerated by the pandemic—has expanded the perimeter to be protected. The shift to remote work, cloud computing, artificial intelligence, the Internet of Things, and other technological innovations create new vulnerabilities to address. As a result, cybersecurity needs are exploding not only in volume but also in the diversity of required skills. Organizations need experts in network security, digital forensics, incident response, penetration testing, governance and compliance, etc. Yet these specialized capabilities are rare, and it is unrealistic to think a single organization can have all of them in-house in sufficient numbers.
Example of cybersecurity domains requiring diverse expertise. In such a vast field—from security posture to digital forensics, including penetration testing and legal compliance—no team is entirely self-sufficient. Collaborating with other experts therefore becomes not only wise but often essential to cover all needs. The good news is that this collaborative approach benefits all players: organizations can fill gaps without necessarily hiring across the board, specialists find more projects to apply their skills, and end clients enjoy a higher level of protection.
Cooperation Among Stakeholders: An Imperative for Effectiveness
In the face of the shortage, cooperation among cybersecurity companies is emerging as a win-win solution. Rather than viewing other providers as competitors to be shut out, many now choose to see them as potential allies. Cybersecurity has always relied on teamwork and trust—whether sharing threat intelligence or pooling human resources. As an Axis Communications report points out, “cybersecurity is first and foremost about trusted partnerships, where all stakeholders—from subcontractors to manufacturers, from installers-integrators to end users—each have an important role to play.” By joining forces, cybersecurity players strengthen their collective resilience against cyberthreats.
In practice, this cooperation can take different forms. A specialist company may call on a trusted partner to support a large-scale project or a highly specific aspect outside its usual scope. Conversely, it may step in as a subcontractor to help a peer meet deadlines or provide a specific skill set for a shared client. Such collaborations make it possible to overcome the individual limits of each entity to better serve market needs.
Benefits of Cooperation in Cybersecurity:
- Greater firepower: by combining their teams, two partners can manage more ambitious projects or handle major incidents more effectively than by working alone. This helps offset staff shortages by distributing the workload.
- Complementary skills: each company brings its core expertise (digital forensics, penetration testing, regulatory compliance, etc.). Pooling these specialized capabilities ensures the client receives a complete solution with no gaps in the security setup.
- Ease for the client: when well orchestrated, cooperation remains transparent to the end client. A lead provider can serve as a single point of contact, managing the project from A to Z while partners work behind the scenes. The client thus benefits from all required competencies without the complexity of coordinating multiple vendors.
In short, collaborating rather than going it alone makes it possible to overcome talent shortages by optimizing the ecosystem’s existing resources. It is a way to do more with less while maintaining a high level of service quality. In a context where cyberthreats evolve quickly, this collective agility becomes a major asset.
Commissionnaires du Québec: Strength in Numbers to Serve Better
At Commissionnaires du Québec, collaboration is a natural part of how we work. With nearly a century of experience in the security field, our organization has learned that uniting expertise leads to far better outcomes. We regularly collaborate with other cybersecurity players, whether acting as a subcontractor supporting a partner or inviting external specialists to join our projects when appropriate. What matters most is always delivering the best possible response to the client’s needs.
This collaborative approach allows us to increase our firepower when necessary. For example, on a major incident analysis mandate requiring many hours of investigation, we can bring in colleagues from partner companies to meet tight deadlines while maintaining investigative rigor. Conversely, we sometimes serve as reinforcements for other cybersecurity providers who call on our teams—for instance, to carry out specific penetration tests or conduct a targeted digital investigation. In every case, the client benefits from this synergy without having to worry about it: coordination is handled internally between partners, and the client retains the simplicity of a single point of contact for the entire project.
By collaborating in this way, Commissionnaires du Québec and its partners can add complementary skills without burdening the company’s permanent structure. It is a flexible, effective model, particularly suited to this period of talent shortage. Rather than turning down a mandate for lack of available resources or risking delivering it with an undersized team, we look for the alternative solution: calling on our network of trusted specialists. This not only ensures the work will be carried out by the best competencies, but also that our clients receive a comprehensive, high-quality, turnkey service.
