Nearly three quarters (74 percent) of businesses admit new cyber challenges require new skills and nearly two thirds (64 percent) admit cyber skills are different to conventional IT skills.
57 percent of businesses are finding it more difficult to retain specialised staff in cyber skills and that there is a high level of churn due to aggressive headhunting. Over half would consider hiring a hacker or someone with a criminal record to keep ahead of the game. UK companies admit they are considering turning to ex-hackers in a bid to stay one step ahead of cyber criminals, according to the latest research from KPMG. KPMG surveyed 300 senior IT and HR professionals in organisations employing 500-plus staff to assess how the corporate world is ‘skilling-up’ to protect itself against cyber security breaches. The survey revealed that many companies are becoming increasingly desperate as they struggle to get the right people on board.
Nearly three quarters (74 percent) say they are facing new cyber security challenges which demand new cyber skills. For example, 70 percent admit their organisation ‘lacks data protection and privacy expertise’. The same proportion are also wary about their organisation’s ability to assess incoming threats. The majority are candid enough to admit that the shortfall exists because the skills needed to combat the cyber threat are different to those required for conventional IT security. In particular 60 percent are worried about finding cyber experts who can effectively communicate with the business – vital to ensuring that cyber threat is well understood by corporate leaders outside the IT department.
While 60 percent claim to have a strategy to deal with any skills gaps, it is clear that there is a short supply of people with all the relevant skills. 57 percent agree it has become more difficult to retain staff in specialised cyber skills in the past two years. The same number say the churn rate is higher in cyber than for IT skills and 52 percent agree there is aggressive headhunting in this field. According to KPMG’s research, the skills gap is forcing many companies to consider turning to ‘poachers turned game-keepers’ to keep up to speed. 53 percent of respondents say they would consider using a hacker to bring inside information to their security teams. Just over half (52 percent) would also consider recruiting an expert even if they had a previous criminal record.
Commenting on the findings, Tim Payne, a partner in KPMG’s People Powered Performance practice, says: “There is both an immediate and a medium term challenge here. Right now, organisations have little choice but to fight for the best talent they can get in the market, and make sure they are doing whatever they can to motivate and retain their current stars. But in the medium term there is a great opportunity to build a clear talent plan for Cyber. This means defining core skills – now and future – organisation models, career paths, learning paths, attractive employment conditions and reward – so companies can grow the cyber skills they will need.”
The research comes as KPMG launches a new cyber awareness programme, offering cyber learning content across the organisation, from C-suites to graduates. It also includes a ‘bridging course’ designed to help IT and business departments understand the language and risks presented by cyber threats.