Almost half of all UK businesses admit to lacking the skilled people they need to address increased cyber-threats. This isn’t hugely surprising when cyber security professionals have an unemployment rate of 0%.
It’s an uncomfortable reality. But in our ever more data-centric world, cyber crime has continued to outpace many businesses’ cyber security capabilities. Last year (2019), 61% of UK businesses reported a cyber security incident — 16% more than the year before. The dramatic transition to remote workflows in 2020 has only increased the risks.
The cyber security skills shortage is very real. Your business isn’t alone, but what can you do about it? To help, we’ve put together three steps you can take to ease the pressure and fill the skills gap — keeping your business safe in an increasingly uncertain environment. Let’s get started.
Step 1: Build more efficient automated security systems
Simply put, the more efficient and automated your cyber security systems are, the fewer skilled professionals you will need to manage them. Not only will this ease the pressure of needing resources to address threats, but it will also save you a fair amount of money in payroll.
So we always recommend starting here.
However, while this is a smart, long-term approach to reducing the talent you need for cyber security, it doesn’t eliminate the need for resources to help you get there right now.
A mistake we see a lot of businesses make is hiring a bunch of full-time staff to help them automate away their need for cyber security resources. This is inefficient, challenging to execute, and may require you to get people that you’d struggle to recruit in the first place.
Our suggestion: it’s far more cost-effective to hire external support for this task than it is to try to build a team in house. If you want help creating a more efficient and effective cyber security process and technology stack, get in touch. We’ll come back to the value of strategic partnerships — but, first, let’s talk about recruiting an in house cyber security team (you’ll still need one).
Step 2: Always be recruiting
In any competitive market, finding the best talent has to be viewed as an ongoing process. Before COVID, when UK unemployment was at a near all-time low, the number of open job opportunities rose to a near all-time high.
The situation the cyber security market finds itself in today is worse, far worse. Cybersecurity Ventures estimates that:
- There will be 3.5 million unfilled cybersecurity jobs globally by 2021
- This will be 3.5x what it was just seven years before in 2014
That’s why the best advice we can give any business in this respect is to treat cyber security recruiting like a continuous process (i.e. always be looking for talent), not just putting up job postings when you need an additional resource.
Simply put, the best talent has options. So when they’re available, you need to be ready to bring them on board right away, whenever that may be. Otherwise, you may miss out.
Pro Tip: Look for talent in non-traditional places
According to a 2018 Deloitte report, a lot of businesses miss out on cyber security talent because they overlook candidates from outside the cyber security field (that, or they’re not looking there in the first place).
The truth is, great cyber security skills often exist in places most don’t think to look.
Take musicians, for instance. While it may sound a little far-fetched, there are transferable skills between music and cyber security (in the form of creativity and outside the box thinking) that help musicians excel in security careers:
“My musical skills helped me excel in the technical world, particularly security. The guys that are good at jazz improv tend to be good at technology.”
— Gig musician Tom Donahue, via Fast Company.
Or consider the background of someone in financial services. Facing situations where a single mistake could cost billions means understanding risk. You get people who can look at a large dataset, pull useful insights and examine them with extreme detail.
Bottom line, expand your search for cyber security talent outside the field and you’ll likely have greater success — especially for entry-level positions. Just be sure to look for individuals with a creative, problem-solving mindset, not just technical skills (those can be taught in-house as long as they have the desire to learn and aren’t technophobic).
Step 3: Leverage creative partnerships
Managed service providers (MSPs) are increasingly integral IT assets. They provide more efficient ways to scale and access to skills on demand. Just how an MSP can help you roll out a network infrastructure update, they can help you rise to meet short-term and long-term cyber security challenges. A managed security service provider (MSSP) can:
- Reduce the number of people you need full-time. By working with an MSSP, access on-demand talent and just pay for what you need, when you need it.
- Simplify your hiring process for in-house security teams. Since cyber security is often complex and specialised, by partnering with an MSSP, you no longer need an in-house specialist for everything — you can simply build a team of skilled generalists internally and access the specialised resources you need when you need them.
The right strategic partnership will reduce the need for (and cost of) cross-training existing team members in specialised technology (or hiring for them directly). Generally, it’s a more cost-effective solution for businesses even outside of the context of a skills shortage. If you’re struggling to find the right in-house talent, an MSP can provide access to a much deeper pool of talent and capabilities than recruiting in-house.
Bottom line: Security needs to be a priority
Being underprepared for a cyber security breach can mean reputation damage, financial loss, and even put you out of business completely. 60% of small companies fold within six months of a cyber-attack.
Strong cyber security isn’t just about play defence — it’s actually a competitive advantage. Your ability to secure operations will allow you to better leverage data, drive transformation and enable digital-first strategic investments.
Your ability to communicate the value of cyber security to leadership and the board will dictate the resources you have available. If you want help creating the right messaging, check out our free resource — Board Presentation Toolkit: Cyber Security and Threat Management.
Whether you need access to on-demand security resources or simply need help assessing where your business could better secure its data, we’re here to help. Learn more about our managed security services or our consulting and compliance services. The more information we can share within the cyber security community, the safer we will all be. Good luck and start planning!
Subscribe to the newsletter today
The Board is never going to care more about cyber
The way we work may never be the same again.