The shortage of cyber security professionals with the right balance of technical and management skills is taking its toll. UK organisations are finding it increasingly difficult to source the right sets of skills to manage emerging cyber threats – a trend that could be set to continue for quite some time.
A recent KPMG report revealed that more than half of British firms would consider hiring a hacker or someone with a criminal record to tackle new cyber challenges.
57% agree it has become more difficult to retain staff with specialist cyber skills in the past two years, and nearly the same percentage admit the churn rate is higher for those with cyber skills than for those with IT skills. 52% say there is aggressive headhunting in this field.
New cyber security challenges demand new skills
The KPMG survey of 300 senior IT and HR professionals in the UK also found that 74% of respondents are facing new cyber security challenges that demand new cyber skills. 70% admit their organisation “lacks data protection and privacy expertise”, while 60% are worried about finding cyber experts who can effectively communicate with the business.
A report by the Institution of Engineering and Technology (IET) has revealed that cyber security is among six fast-growth industries that could boost the British economy. However, the report warns that there is a shortage of the skills required to meet the evolving demands of the industry.
These statements lead back to the 2013 study released by the Department for Business, Innovation & Skills, which predicted that demand for cyber skills is set to grow by 13% per year between 2013 and 2017. The National Audit Office has warned that this gap could take 20 years to fill. It goes without saying that if these predictions turn out to be true, UK organisations may struggle to keep up with the evolving cyber threats. The aforementioned KPMG report revealed that about 70% of the respondents are wary of their organisation’s ability to assess incoming threats.
Serena Gonsalves-Fersch, head of KPMG’s Cyber Security Academy, advises that companies need to be addressing skills shortages specific to their industry:
“Rather than relying on hackers to share their secrets, or throwing money at off-the-shelf programmes that quickly become out of date, UK companies need to take stock of their cyber defence capabilities and act on the gaps that are specific to their own security needs. It is important to have the technical expertise, but it is just as important to translate that into the business environment in a language the senior management can understand and respond to.”
CISSP, CISM and ISO 27001 among most desirable qualifications
A key finding of the UK Government’s 2014 Cyber Security Skills report is that skills related to implementing secure systems, followed by operational security management, incident management and information risk management, are among the cyber security skills that companies find most difficult to recruit.
Harnessing cyber security skills
I believe that however big or small the skills shortage, with combined efforts by the government, businesses and individuals, it can be tackled. And it’s good to see evidence that some companies are being proactive. 60% of the respondents to the government’s 2014 survey reported some activity to support the development of cyber professionals within their organisation by relying on internal or external cyber training programmes.
To help self-funding delegates and organisations boost cyber security competence, IT Governance has launched a special December training course offer. Anyone who books any December 2014 or January 2015 IT Governance training course before 19 December 2014 will enjoy a 30% discount – based on list price and subject to availability.