Cybersecurity Is A People Problem
- Date: 05 January, 2020
In 2019, the Government announced a £1.2 billion investment into the UK by global tech companies, pledging funding for 2,500 places on AI and data conversion courses from 2020.
It’s clear that cybersecurity and AI skills are a priority but the actual shortages, which are only expected to get more extreme post-Brexit, call for a much wider skills development push. According to (ISC)2, up to 1.8 million information security-related roles could be unfilled worldwide by 2022. In Europe, the shortfall is projected to be about 350,000, with the UK’s share of unfilled cyber security jobs expected to be around 100,000.
The demand for IT skills is already affecting salaries. IT professionals earned £4,000 more this year on average, compared to 2018, with a premium on cloud, cybersecurity, IT architecture and project management skills.
Each year, Global Knowledge conducts the IT Skills and Salary Report, the largest worldwide study, taking feedback from 12,200 IT professionals from 159 countries. This year the survey revealed that the average global salary for an IT professional is £71,895 – the highest it’s been in the report’s 12-year history. Jobs in cloud computing are commanding the highest salaries. They are 29% larger than the global average, followed by IT architecture and design, programme management and cybersecurity. For Europe, Middle East and Africa, IT professionals in large organisations (5,000+ people) had a 23% salary hike over mid-sized companies.
Cybersecurity and cloud skills dominated the survey’s findings. More than two-thirds of decision makers reported a gap between their team’s skill levels and what was needed to achieve organisational objectives. 81% of IT decision-makers felt cyber skills shortages posed a medium or high risk to their business, with cybersecurity the most difficult tech specialism in which to find qualified talent. This shortage has a detrimental effect on any business, leading to higher levels of employee stress, delays in development of critical projects and loss of revenue.
With talent scarce and costly, especially in crucial areas of AI and cybersecurity, what will companies do to bridge the gap? Some turn to temporary staff and interim managers to cover the shortages, but that can come with risks too. Only 31% of IT decision makers want to bring in contractors or hire additional staff, according to our survey, because of the additional effort to integrate temporary staff as well as the likelihood that key knowledge will leave the business at the end of a freelancer’s temporary contract. Many IT leaders feel that developing their own staff’s skills is the answer. There’s no quick fix. Breaking down the skills and talents needed from Cybersecurity professionals shows that it will take more than a handful of technical wizards to resolve future risks. Ethics has become part of the training for cybersecurity specialists. Clear ethical standards are what separates cybersecurity professionals from the black-hat criminals. Worryingly, the urgency for cybersecurity solutions means that some recently qualified staff are being placed in positions of significant responsibility and access, with only their own moral compasses to rely on for guidance.
Cybercrime is increasing - up 11% across all industries. As the Internet of Things becomes more prevalent, and vulnerabilities in home automation provide additional routes for cybercriminals to access data, the reliance on staff who can design, maintain and improve cybersecurity systems will only get more extreme.
Cybersecurity Insiders and IBM recently reported that the main security-related concerns for businesses are data loss and leakage, and the effect they have on an organisation’s bottom line and reputation. An organisation that experiences data breaches, no matter its size, will feel the financial impact of the breach for years. According to IBM’s estimates, data breaches cost around £125 for each lost or stolen record. The way they envisage addressing this risk is to improve the skills and experience of the workforce.
High profile hacks and data leaks keep cybersecurity in the news. No one should consider themselves beyond reach of a cybercriminal. Some of the world’s leading cybersecurity solution providers have recently been hacked themselves. While technology is part of the solution, to really protect an organisation from cyber-attack, companies need people to keep the systems safe. It’s a cutting-edge problem and there’s no time to wait and see how things play out before resolving the risks. People are behind the problem and they are also the biggest part of the solution.
Source: Today's Boardroom, issue 7 coverage.