Cyber security talent shortage: Business is struggling to keep up with sophisticated criminals

Concerns about cyber security are growing in prominence, but companies and law enforcement agencies are still playing catch-up in their attempts to counter ever more sophisticated cyber criminals. While the cyber attacks on TalkTalk and Ashley Madison have made headlines around the world, the day-to-day business of protecting a company against attack goes largely unnoticed. 

 

Understandably, companies do not wish to talk publicly about the vulnerabilities they face, but the reality is that the threat is growing and there are too few people with the necessary expertise to fill the sector’s job vacancies. 

 

The statistics are alarming. City of London Police commissioner Adrian Leppard recently warned that cyber crime may have surpassed the drugs trade in terms of the threat it poses and cautioned that the police are under-resourced to deal with such a significant issue.

 

 

A report this year from PwC found that 90 per cent of Britain’s large-scale companies had been hit by security breaches. The growing scale and potential impact of cyber crime increasingly threatens to affect consumers, businesses and the public sector in more advanced and damaging ways.

 

The issue is becoming a prominent agenda item for a growing number of organisations, particularly in the financial services sector: HSBC has appointed Lord Evans of Weardale, the former director general of the UK Security Service, to its board and Standard Chartered has recruited Sir Iain Lobban, former director of GCHQ, to advise its board on financial crime and cyber security matters. Boards – across industry sectors – must assess the potential risk impact and cost of a cyber breach, and determine whether they are adequately prepared to deal with the threats cyber criminals pose. The potential impact of a breach is clear.

 

High-profile hires such as those at HSBC and Standard Chartered signal the growing cause for alarm among companies, but are they able to find the right people to tackle the threat and are we training enough people in this area?  

 

 

A survey of UK cyber security employers last year by the SANS Institute found that 90 per cent had experienced difficulties filling positions. Moreover, with job vacancies in cyber security rising over 100 per cent in the last year, suitable candidates are in increasingly high demand. Across the cyber security sector, full time salaries are rising by around 10 per cent year-on-year and contractor rates by around 16 per cent in response to the growing level of demand. Indeed, our specialist recruitment practice in this space, IQ InfoSec, is observing a significant gap in skilled information security personnel at the analytical level. 

 

As consumers, we need to take heed of this – we must take personal responsibility for our online security, and ask whether the government and other organisations are doing enough to promote cyber security skills and protect our data.

 

The need for further investment in training and development is paramount. A prime focus for education should be to both promote online security and to develop people with the skills required to defend companies against ever more sophisticated attacks over the next five years. This is a critical issue for the UK as a whole; the government and business community need to ensure that we are all properly prepared against the unavoidable cyber threat.