Cybersecurity must take centre stage in the boardroom, writes Martin Ewings, Director of Specialist Markets, Experis, part of ManpowerGroup.
UK businesses are facing a series of regulatory demands, including the much talked about GDPR [general data protection regulation], which is now fewer than 65 days away. Compliance has become a key boardroom issue – with fines for GDPR breaches set at 4pc of annual turnover or €20m, whichever is greater. But this also introduces new IT Security challenges; businesses will not only have to improve processes for reporting breaches but also justify how they collect and store data. In response, business leaders need to demonstrate that they have cybersecurity policies, procedures and skills in place if they are to survive beyond what is being dubbed, “the year of regulation”. Equally, there must also be a longer-term lens as businesses look to the future. The complexity of cyberattacks is increasing and analysts predict that there will be three million unfilled jobs in cyber security worldwide by 2021. Employers must battle for the right skills to ensure their business is safe and compliant.
Despite this imperative, new research reveals that demand for IT Security staff dropped 5% in the past year (from Q4 2016 to Q4 2017). The report showed that despite a 24% year-on-year (Q4 2016 to Q4 2017) increase in the demand for short term IT Security contractors, there was a 10 per cent decrease in demand for the larger market of permanent staff. With this apparent disconnect between the compliance and security imperative, and the skills that organisations are investing in, it’s important that cyber security is addressed first-hand in the boardroom. Here are three key issues that senior executives must consider.
1. Taking cybersecurity beyond a compliance tick box
IT and security staff have, for many years, been primarily focused on the protection of the technology, data and infrastructure, but to meet the stringent new GDPR requirements they will have to broaden their scope and consider the impact on the wider business. With the deadline looming, businesses need to be sure they are ready.
This could explain the surge in demand for contractors, as businesses focus their attentions on plugging the short-term gaps. With concerns rising over the financial penalties for non-compliance, it’s hardly surprising. However, while this may be an effective immediate solution, organisations must not forget the longer-term view. Maintaining compliance with GDPR is not a one-off, and organisations must ensure that they have the necessary security resources in place to remain compliant for the coming years. Having the right people and the right talent will prove essential.
2. Cybersecurity is no longer just an IT issue
Employees are often the weakest link when it comes to cyber security and if cyber criminals can get through to untrained employees, they are much more likely to be successful in hacking into the organisation. Research shows that careless or untrained staff members are the most likely access point for cyber attackers. More than ever, IT Security is becoming a necessary responsibility in every role, and as a result, cyber skills are being embedded across the business, rather than confined to the IT department. This is another way that organisations can effectively use IT contractors. Expert contingent staff can train and upskill permanent staff across the business with the security skills they need to protect against emerging cyber threats; without adding more permanent headcount.
3. Retaining a specialist cyber team
Despite the drop in volume demand for permanent IT security staff, the value of each position on the market has increased significantly. Salaries for these positions rose by 4pc in the past year (from Q4 2016 to Q4 2017). The average salary for a cyber security role in the UK is now £60,004 – much higher than the likes of Mobile (£53,240) and Web Development (£46,154). This greater value can be attributed to the ever more complex cyber security threat that organisations face, as businesses are willing to pay a premium for more specialist security professionals.
The most popular skills that businesses are looking to find for these roles are penetration testing, security architecture and security operations and biometrics. But there is also demand for security teams to have high-end qualifications, such as CISSP (Certified Information Systems Security Professional), SIEM (Security Information and Event Management), IDAM (Identity Access Management), and ArcSight. These specialists will be vital to securing a business’s long-term resilience against the ever more sophisticated cyber onslaught.
Employers are focusing on the short-term priorities, with eyes firmly fixed on compliance. However, the cybersecurity issue that boardrooms across the UK are facing is much bigger than this. The Government estimates that digital skills will be needed for 90pc of jobs in 20 years, and security is fast becoming a crucial part of that. As employees become more of a target for cyber attackers, businesses should capitalise on the presence of expert contractors to train up their wider employee base and complement their more specialised recruiting efforts. With this combination in place, businesses will give themselves a fighting chance of not just winning the short-term battle, but also the long-term cybersecurity war.
