Do you have a strategy for attracting IT security talent in the next few years? This is a field in which demand is far outstripping supply and leaving positions vacant can have serious consequences. How will you attract and retain experienced professionals?
According to a recent survey by Intel Security and Vanson Bourne, there are 209,000 unfilled security jobs in the US. Globally, there will be a 1-2 million shortfall in skilled workers in the field by 2019. Almost three quarters (71%) of large organizations questioned in the survey said this skills shortage left them vulnerable to cyberattacks.
The rising threat: cyberattacks
Every organization is a potential cyber victim. A study by Forrester Research in 2015 found that 60% of brands experienced a breach of sensitive data that year. High-profile targets such as UPS, JP Morgan Chase, Sony, Experian and even the FBI have suffered considerable financial and reputational damage as a result of a successful attack. A recent Ponemon investigation found that the average cost of a breach is $3.8 million; a rise of 23% since 2013.
For criminals, the possible rewards are huge. According to the 2016 Trustwave Global Security Report, a hacker investing $5,900 in a malware infection campaign could realise a 1,425% return on investment within 30 days, earning $84,100 as a result of the scam. With claims that nation states such as China and Russia are sponsoring security breaches, cybercrime is a threat that is not going to abate any time soon.
Why cybersecurity should be on your C-suite agenda
Cybersecurity is becoming a more pressing topic for the C-suite. Installing a high quality firewall and antivirus software package is no longer enough; executives should be actively involved in developing cybersecurity strategies that focus on long-term proactivity, not short-term defensiveness. A government committee in the UK has even gone so far as to propose that CEOs and senior executives should be subject to fines and custodial sentences if found negligent on cybersecurity.
Worryingly, many senior teams still fail to grasp the importance of cybersecurity to business success. A 2014 survey found that around 33% of management boards received no regular reports about cybersecurity at all.[vi] Frequently, where security is found to be lacking an organization provides funding for short-term fixes rather than committing resource to a holistic, long-term strategy.
The shortage of cybersecurity professionals
The availability of experienced specialists is reaching crisis levels. Among security professionals, 23% said the lack of talent in this area is the biggest challenge facing the IT industry; 12% of all IT professionals agree.
A recent Intel report found that 82% of organizations in the US, UK, Japan, Israel, Germany, France and Australia are experiencing a shortage of skilled workers in cybersecurity; 53% of organizations said recruitment difficulties were worse in this field than for other IT roles. Intrusion detection, attack mitigation and software development were the areas with the most severe shortage of eligible candidates.
According to data from the Bureau of Labor Statistics, the challenge is set to increase: demand for cybersecurity professionals is predicted to grow 53% over the next two years. New graduates cannot simply fill these roles because only 23% of organizations see educational programs as giving candidates the skills they need to enter the industry. Hands-on experience and professional certification are valued much more, but these take time to acquire.
How can you attract good recruits?
In this competitive recruitment environment, what can you do to secure top talent? Unsurprisingly, pay is a major draw for promising professionals; the average compensation for an information security manager grew by around 6.4% in 2015-16. The US national average salary of a cybersecurity specialist with three or more years’ experience is $99,000. With five years’ experience, the average salary rises to $118,000.
A substantial 80% of security professionals said a salary increase could persuade them to move to a new employer. This reflects a widely-held belief that despite mounting workloads, pay is not keeping up with the value they contribute to an organization; 61% of security professionals believe their salary is falling behind business growth and demands, compared to 55% among other IT professionals.
How can you retain top talent?
With unemployment rates among this group approaching zero, there are plenty of businesses out there looking to poach dissatisfied employees from their competitors; 74% of cybersecurity professionals have been targeted by head hunters in the last year.
In terms of retention, focusing on job satisfaction and workload might help to keep good employees. The shortage of skilled professionals means there is more pressure on existing workers; 60% of cybersecurity professionals say they expect their workloads to increase in the next 12 months. If you pile the work up too high, your valued employee could simply move elsewhere.
Contact us to find out how Glocomms can help you.
Glocomms is a leading specialist recruitment agency for the technology sector. We were founded in 2013 to give clients and candidates peace of mind that the recruitment process is in expert hands. Our continual investment in best-in-class technologies and consultant training enables us to recruit with speed, precision and accuracy. Today, Glocomms provides contingency, retained search and project-based contract recruitment across our offices in San Francisco, New York, London and Berlin.