UK businesses are facing a series of regulatory demands, including the much-talked-about GDPR, which is now fewer than 65 days away. Compliance has become a key boardroom issue – with fines for GDPR breaches set at 4% of annual turnover or €20m, whichever is greater. But this also introduces new IT Security challenges; businesses will not only have to improve processes for reporting breaches but also justify how they collect and store data. In response, business leaders need to demonstrate that they have cybersecurity policies, procedures, and skills in place if they are to survive beyond what is being dubbed 'the year of regulation'. Equally, there must also be a longer-term lens as businesses look to the future. The complexity of cyber attacks is increasing, and analysts predict that there will be three million unfilled jobs in cybersecurity worldwide by 2021. Employers must battle for the right skills to ensure their business is safe and compliant.
Despite this imperative, new research reveals that demand for IT Security staff dropped 5% in the past year (from Q4 2016 to Q4 2017). The report showed that despite a 24% year-on-year (Q4 2016 – Q4 2017) increase in the demand for short-term IT Security contractors, there was a 10% decrease in demand for the larger market of permanent staff. With this apparent disconnect between the compliance and security imperative and the skills that organizations are investing in, it’s important that cybersecurity is addressed first-hand in the boardroom.
Here are three key issues that senior executives must consider.
1. Taking cybersecurity beyond a compliance tick box
IT and security staff have, for many years, been primarily focused on the protection of the technology, data, and infrastructure, but to meet the stringent new GDPR requirements they will have to broaden their scope and consider the impact on the wider business. With the deadline looming, businesses need to be sure they are ready.
This could explain the surge in demand for contractors, as businesses focus their attention on plugging the short-term gaps. With concerns rising over the financial penalties for non-compliance, it’s hardly surprising. However, while this may be an effective immediate solution, organizations must not forget the longer-term view. Maintaining compliance with GDPR is not a one-off, and organizations must ensure that they have the necessary security resources in place to remain compliant for the coming years. Having the right people and the right talent will prove essential.
2. Cybersecurity is no longer just an IT issue
Employees are often the weakest link when it comes to cybersecurity, and if cybercriminals can get through to untrained employees, they are much more likely to be successful in hacking into the organization. Research shows that careless or untrained staff members are the most likely access point for cyber attackers. More than ever, IT Security is becoming a necessary responsibility in every role, and as a result, cyber skills are being embedded across the business, rather than confined to the IT department. This is another way that organizations can effectively use IT contractors.
Expert contingent staff can train and upskill permanent staff across the business with the security skills they need to protect against emerging cyber threats, without adding more permanent headcount.
3. Retaining a specialist cyber team
Despite the drop in volume demand for permanent IT security staff, the value of each position on the market has increased significantly. Salaries for these positions rose by 4% in the past year (from Q4 2016 to Q4 2017). The average salary for a cybersecurity role in the UK is now £60,004 – much higher than the likes of Mobile (£53,240) and Web Development (£46,154). This greater value can be attributed to the ever more complex cybersecurity threat that organizations face, as businesses are willing to pay a premium for more specialist security professionals.
The most popular skills that businesses are currently looking to find for these roles are penetration testing, security architecture, security operations and biometrics. But there is also demand for security teams to have high-end qualifications, such as CISSP (Certified Information Systems Security Professional), SIEM (Security Information and Event Management), IDAM (Identity Access Management), and ArcSight. These specialists will be vital to securing a business’s long-term resilience against the ever more sophisticated cyber onslaught.
Employers are focusing on the short-term priorities at the moment – with eyes firmly fixed on compliance. However, the cybersecurity issue that boardrooms across the UK are facing is much bigger than this. The Government estimates that digital skills will be needed for 90% of jobs in 20 years’ time and security is fast becoming a crucial part of that. As employees become more of a target for cyber attackers, businesses should capitalize on the presence of expert contractors to train up their wider employee base and complement their more specialized recruiting efforts. With this combination in place, businesses will give themselves a fighting chance of not just winning the short-term battle, but also the long-term cybersecurity war.