Lack of skills puts businesses under cyber-risk

The lack of skills in the IT security department is not only hindering growth of new businesses in the UK, it's also putting current ones at enormous risk of cyber-attacks, according to new research.

The new report, Cybersecurity – protecting your future by Robert Half Technology, says more than three quarters (77 per cent) of businesses are expecting more security threats in the mid-term because of the IT security talent shortage.

The three biggest risks are data abuse, cyber-crime and malware / ransomware. More than a third plans on increasing the headcount, mostly in mid-evel (Information Security Officer and Security Operations Officer), and junior level positions (IT Security Analyst).

More than a quarter (27 per cent) of CIOs in the UK plan on increasing the number of contract IT security professionals in the next 12 months, as well.

On top of it all, the CISO (Cheif Information Security Officer) position is starting to enjoy the importance it deserves, the report says.

“There is no doubt that highly specialised skills are vital. But the ability to clearly articulate cybersecurity issues in a language that senior management and non-IT employees understand will not only increase security awareness but also enhance the reputation of the IT department as business partners who add value across the business,“ says Neil Owen, Director, Robert Half Technology.

“The prominence of cyber breaches has lifted the demand for cybersecurity experts as cyber risk becomes a company-wide point of discussion. An insufficient number of new specialists entering the IT market has forced organisations to consider effective retention programmes, training existing staff, partnering with educational institutions and developing flexible hiring policies that include both permanent and contract specialists. A dynamic IT strategy that brings together the right fit of technology and people is the cornerstone for companies protecting their future.”

The report offers six core steps when developing and implementing an effective security program, including being proactive, using big data and analytics, treating IT security as a continuous enterprise-wide process, keeping an eye out on necessary skills, getting everyone involved and offering support training.

The full report can be found here.

Image Credit: Den Rise / SHutterstock