British organizations are suffering from a lack of IT security talent, with 77% of CIOs in the UK believing they will face more security threats in the next five years as a result.
That’s according to new research from Robert Half Technology, whose report Cybersecurity – protecting your future shines a light on some of the most sought after and difficult to find technical skills in IT security.
Of the 100 CIOs and IT and technology executives polled, 60% noted data abuse/data integrity as the biggest security risk facing companies in the approaching years with cybercrime (54%) and spying/spyware/ransomware (39%) coming in second and third, respectively.
As a result, more than a third of respondents are planning to increase headcount to help deal with increased threats, recognizing the importance of hiring cybersecurity experts with the specialist skills needed to aid companies in detecting and protecting themselves against key data security risks.
However, this is proving to be easier said than done, with candidates with cloud security skills the most in demand but also most challenging to find, according to the research. Further, recruits with knowledge of IT security technologies and security architecture were also quoted as being difficult to come across as companies struggle to fill much-needed positions such as IT security analysts (junior level), information security officers (mid-level) and security operations officers (mid-level).
“The latest Robert Half report findings reaffirm the growing economic impact of the cybersecurity skills deficit,” Dr Adrian Davis, European MD at (ISC)2, told Infosecurity. “Yet if businesses want to avert risks to their IT security, they need to focus not just on hiring information security specialists, but on spreading information security awareness widely among the rank and file and building cybersecurity into everything from their procurement policies to their HR strategy."
Businesses need to recognize that hiring more people alone is not sufficient to make an organization truly secure, added Davis. Continuous training and education is also needed to ensure staff stay abreast of the latest technological changes and emerging threats and keep up to date with current best practice.
Neil Owen, Director of Robert Half Technology, holds a similar view:
“There is no doubt that highly specialized skills are vital, but the ability to clearly articulate cybersecurity issues in a language that senior management and non-IT employees understand will not only increase security awareness but also enhance the reputation of the IT department as business partners who add value across the business," argued Owen.
The prominence of cyber breaches has lifted the demand for cybersecurity experts as cyber risk becomes a company-wide point of discussion, he added.
“An insufficient number of new specialists entering the IT market has forced organizations to consider effective retention programs, training existing staff, partnering with educational institutions and developing flexible hiring policies that include both permanent and contract specialists. A dynamic IT strategy that brings together the right fit of technology and people is the cornerstone for companies protecting their future.”