IT security skills shortage leads to increased threats

12 July 2016
  • 77% of UK CIOs believe they will face more security threats in the next five years due to a shortage of IT security talent
  • UK CIOs believe ‘data abuse/data integrity’ is the top IT security risk facing businesses over the next five years
  • Candidates with cloud security skills are most in demand but also most challenging to find

London, 12 July 2016 – UK businesses are facing risks to their IT security due to a lack of requisite skills, as the majority (77%) of UK CIOs believe they will face more security threats in the next five years due to a shortage of IT security talent, according to the report Cybersecurity – protecting your future [1] by Robert Half Technology.

UK CIOs believe the top three IT security risks facing organisations in the next five years are data abuse/data integrity (60%), cybercrime (54%) and spying/spyware/ransomware (39%). In response to increased threats, more than a third (34%) of UK CIOs are planning to increase headcount. The positions that are most in demand are IT Security Analyst (junior level), Information Security Officer (mid-level) and Security Operations Officer (mid-level). The appeal of having experts on hand when needed is expected to grow, with 27% of UK CIOs saying they will increase the number of contract IT security professionals in the next 12 months.

According to PwC [2], the average number of global security incidents increased by over a third (38%) in 2015, resulting in a 56% increase in the theft of hard intellectual property over 2014. Across the UK, two thirds of large businesses [3] have been hit by a cyber breach or attack in the past year.

Companies are gradually appreciating the importance of hiring a Chief Information Security Officer (CISO) who is not only the key player in efficiently managing the IT security process but also in enhancing internal security awareness across the organisation. Today’s CISO is a senior professional with extensive experience in cybersecurity, governance, risk management and compliance, who is able to effectively manage a team and clearly articulate IT security issues and their implications – as well as insights and solutions – to senior stakeholders.

The escalating fear of data theft, hacking and fraud, compounded by many staff working remotely and on multiple devices, means an increased demand for IT security specialists. Cybersecurity experts with the specialist skills needed to help companies recognise and protect themselves against key data security risks are in high demand but, at the same time, challenging to find.

Top five technical skills in IT Security*

Rank | Most in demand                 | Most challenging to find
1    | Cloud security (51%)           | Cloud security (32%)
2    | IT security technologies (47%) | IT security technologies (29%)
3    | Big data / data analytics (37%) | Security architecture (26%)
4    | Applications security (30%)    | Hacking / penetration testing (26%)
5    | Hacking / penetration testing (30%) | Applications security (22%)

Source: Robert Half 2016. *Responses do not total 100 per cent due to rounding

Along with the technical skills and expertise that are necessary for a specific position, the so-called soft skills have also become substantially more important. The ability to analyse data and provide insights, as well as strong business acumen and communication skills, have developed into essential core skills for an IT security role.

Neil Owen, Director, Robert Half Technology commented: “There is no doubt that highly specialised skills are vital. But the ability to clearly articulate cybersecurity issues in a language that senior management and non-IT employees understand will not only increase security awareness but also enhance the reputation of the IT department as business partners who add value across the business.

“The prominence of cyber breaches has lifted the demand for cybersecurity experts as cyber risk becomes a company-wide point of discussion. An insufficient number of new specialists entering the IT market has forced organisations to consider effective retention programmes, training existing staff, partnering with educational institutions and developing flexible hiring policies that include both permanent and contract specialists. A dynamic IT strategy that brings together the right fit of technology and people is the cornerstone for companies protecting their future.”

CIOs and IT leaders need to keep in mind six core steps when developing and implementing an effective security programme:

  1. Be proactive: develop a policy that will help the company prevent and defend itself against cyberattacks, rather than waiting for a breach
  2. Use big data and analytics: use the available data to identify which risks are emerging and receding and in which areas you need to implement additional cyber defences
  3. Treat IT security as a continuous enterprise-wide process: while conducting thorough risk and threat analyses, consistently test and re-evaluate existing processes and systems that are designed to minimise the inherent risks
  4. Have the necessary skills: while the demand for cybersecurity experts is outstripping supply, companies are confronted with a global IT security skills gap. In order to secure the necessary expertise, create a talent pipeline by investing in your existing IT professionals through extensive training or by hiring additional team members
  5. Get everyone involved: make everyone in the company aware of the risks associated with email, social media and confidential information
  6. Support training: encourage regular training of all personnel on cybersecurity policies and corporate practices

- ENDS -

Notes to editors

1 The annual global study was developed by Robert Half UK and is conducted by an independent research firm. The study is based on more than 100 responses from CIOs and IT and technology executives from companies across the UK. The results are segmented by company size, sector and geographic location.

2 PwC, The Global State of Information Security Survey 2016, Turnaround and transformation in cybersecurity

3 GOV.UK, Two thirds of large UK businesses hit by cyber breach or attack in past year

About Robert Half
Robert Half is the world’s first and largest specialised recruitment consultancy; a member of the S&P 500 and #1 in our industry on FORTUNE® magazine’s “World's Most Admired Companies” list (2015). Founded in 1948, the company has over 325 offices worldwide providing temporary, interim and permanent recruitment solutions for accounting and finance, financial services, technology and administrative professionals. Robert Half offers workplace and job seeker resources at roberthalf.co.uk and twitter.com/roberthalfuk.