Paying more just means you fill your vacancy at the expense of another firm who has their employee poached. The net effect is that one company is still vulnerable.
They are all in this together? Paying more means you fill your vacancy.
Edit: The cheapskate can follow suit and maybe that convinces one person to undertake the 8-week cert. No more shortage. Or maybe they don't pay more and are DDoS'd out of business. Again, no more shortage.
There are at least one million people in the US who have more than enough experience for an entry-level cybersecurity position; all they need is a few weeks of training (to start) and an employer that isn't demanding twenty years of experience and a CISSP for $50k with crap healthcare and inadequate PTO.
Also, employees are not some company's property. At-will employment goes two ways, and if you want to treat them as if they were property you may as well just turn off the lights now because it will not end well.
Edit: The cheapskate can follow suit and maybe that convinces one person to undertake the 8-week cert. No more shortage. Or maybe they don't pay more and are DDoS'd out of business. Again, no more shortage.