Cyber security skills shortage leads to increased threats

Only 1 in 4 businesses test their cyber security devices

UK businesses are facing risks to their IT security due to a lack of requisite skills: the majority (77%) of UK CIOs believe they will face more security threats in the next five years due to a shortage of cyber security talent, according to the report Cybersecurity – protecting your future by Robert Half Technology.

UK CIOs believe the top three IT security risks facing organisations in the next five years are data abuse/data integrity (60%), cybercrime (54%) and spying/spyware/ransomware (39%). In response to increased threats, more than a third (34%) of UK CIOs are planning to increase headcount. The positions that are most in demand are IT Security Analyst (junior level), Information Security Officer (mid-level) and Security Operations Officer (mid-level). The appeal of having experts on hand when needed is expected to grow, with 27% of UK CIOs saying they will increase the number of contract IT security professionals in the next 12 months.

According to PwC, the average number of global security incidents increased by more than a third (38%) in 2015, resulting in a 56% increase in the theft of hard intellectual property over 2014. Across the UK, two thirds of large businesses have been hit by a cyber breach or attack in the past year.

Companies are gradually appreciating the importance of hiring a chief information security officer (CISO), who is the key player not only in efficiently managing the IT security process but also in enhancing internal security awareness across the organisation. Today’s CISO is a senior professional with extensive experience in cybersecurity, governance, risk management and compliance, who is able to effectively manage a team and clearly articulate IT security issues and their implications – as well as insights and solutions – to senior stakeholders.

The escalating fear of data theft, hacking and fraud, compounded by many staff working remotely and on multiple devices, means an increased demand for IT security specialists. Cybersecurity experts with the specialist skills needed to help companies recognise and protect themselves against key data security risks are in high demand but, at the same time, challenging to find.

Top five technical skills in IT Security*

Rank | Most in demand                       | Most challenging to find
1    | Cloud security (51%)                 | Cloud security (32%)
2    | IT security technologies (47%)       | IT security technologies (29%)
3    | Big data / data analytics (37%)      | Security architecture (26%)
4    | Applications security (30%)          | Hacking / penetration testing (26%)
5    | Hacking / penetration testing (30%)  | Applications security (22%)

Source: Robert Half 2016
*Responses do not total 100 per cent due to rounding

Along with the technical skills and expertise that are necessary for a specific position, the so-called soft skills have also become substantially more important. The ability to analyse data and provide insights, strong business acumen and communication skills have all developed into essential core skills for an IT security role.

Neil Owen, Director at Robert Half Technology, commented: “There is no doubt that highly specialised skills are vital. But the ability to clearly articulate cybersecurity issues in a language that senior management and non-IT employees understand will not only increase security awareness but also enhance the reputation of the IT department as business partners who add value across the business.

“The prominence of cyber breaches has lifted the demand for cybersecurity experts as risk becomes a company-wide point of discussion. An insufficient number of new specialists entering the IT market has forced organisations to consider effective retention programmes, training existing staff, partnering with educational institutions and developing flexible hiring policies that include both permanent and contract specialists. A dynamic IT strategy that brings together the right fit of technology and people is the cornerstone for companies protecting their future.”

CIOs and IT leaders need to keep in mind six core steps when developing and implementing an effective security programme:

1 Be proactive: Develop a policy that will help the company prevent and defend itself against cyberattacks, rather than waiting for a breach.

2 Use big data and analytics: Use the available data to identify which risks are emerging and receding and in which areas you need to implement additional cyber defences.

3 Treat IT security as a continuous enterprise-wide process: While conducting thorough risk and threat analyses, consistently test and re-evaluate existing processes and systems that are designed to minimise the inherent risks.

4 Have the necessary skills: With demand for cyber security experts outstripping supply, companies are confronted with a global IT security skills gap. In order to secure the necessary expertise, create a talent pipeline by investing in your existing IT professionals through extensive training or by hiring additional team members.

5 Get everyone involved: Make everyone in the company aware of the risks associated with email, social media and confidential information.

6 Support training: Encourage regular training of all personnel on cyber security policies and corporate practices.