Cyber security transformation

Although the global cyber security workforce has grown to a record 4.7 million people, the demand for skilled professionals has outpaced supply. With a shortage of over 3.4 million security experts, the industry is experiencing a 26% increase in demand from 2021.

The need for cyber security has reached unprecedented levels, owing to a constantly evolving threat landscape featuring increasingly sophisticated attacks that are harder to detect and thwart, however, the supply of qualified professionals has not kept up with the demand.

The National Cyber Strategy, released in December 2021, outlines the UK government’s plan to maintain its position as a responsible and democratic cyber power by 2030. The strategy emphasises the need to enhance the UK cyber ecosystem, invest in people and skills, and strengthen collaboration between the government, academia, and industry.

To achieve these objectives, the strategy calls for the development of a sustainable and competitive cyber security sector that delivers high-quality products and services to meet the needs of both the government and the broader economy. One approach that may help achieve strategic success is for companies to shift their focus towards a human-centric approach.

“A human-centered approach to cyber security is essential to reduce security failures,” said Richard Addiscott, Sr Director Analyst at Gartner. “Focusing on people in control design and implementation, as well as through business communications and cyber security talent management, will help to improve business-risk decisions and cyber security staff retention.”

According to the Digital Trust Insights survey, cloud-related threats have emerged as the top cyber security concern for UK senior executives in 2023. About 39% of respondents expect cloud-based threat vectors to have a significant impact on their organisations, surpassing other cyber threats like laptop/desktop endpoints, web applications, and software supply chains. Moreover, a third of executives anticipate an increase in attacks against cloud management interfaces, while 20% predict attacks on the Industrial Internet of Things (IIoT) and operational technology (OT) to surge in the coming year.

Despite the growing cloud-related threats, some traditional cyber threats are still expected to persist in 2023. About 27% of UK organisations anticipate a significant rise in business email compromise and ‘hack and leak’ attacks, while 24% foresee an increase in ransomware attacks. However, the survey indicates a silver lining as 59% of UK respondents anticipate a rise in their cyber security budgets in 2023, providing hope for CISOs who must manage and mitigate these risks.

The increase in cloud-based threats is a result of some of the potential cyber risks associated with digital transformation.

Initiatives such as migrating to the cloud, adopting e-commerce and digital service delivery methods, using digital currencies, and integrating IT with operational technology are crucial for safeguarding the business against future disruptions, unlocking value, and achieving sustainable growth.

However, a significant number of UK senior executives, around two-thirds of them, admit that they have not fully addressed the cyber risks that come with digital transformation.

The current UK cyber security workforce currently has an estimated 98,000 (low) – 171,000 (high) employees. The need for cyber security experts has experienced a consistent annual increase of 14% since 2016, with the recent growth of 9%. As a result, it is estimated that the UK’s cyber security workforce must expand by approximately 12,000 individuals annually to meet the projected demand.

Based on the estimated demand, the UK needs to attract around 17,500 new professionals each year to fill cyber security job roles, but the current supply is only generating approximately 7,500 new hires in addition to the existing perceived talent shortage and the potential for future demand to increase.

This ongoing scarcity of cyber skills poses significant challenges, including loss of talent and experience, staff retention difficulties, productivity challenges, and the risk of employee burnout.

According to LinkedIn data, there is a total of 120,580 UK professionals with cyber security as a key skill – an increase of 30% from 2022 with the fastest growing skills in cybersecurity shown below:

So, how do you go about effectively recruiting a skilled cyber security team to drive a security transformation project or to create a new division within your existing tech team?

Develop a Strong Employer Brand: To attract top cybersecurity talent, your company must be an attractive place to work. This means developing a strong employer brand that communicates your company’s values, mission, and culture. You can do this through social media, networking events, and by offering competitive compensation and benefits packages.

Partner with Universities and Training Programs: Partnering with universities and training programs can help you identify and attract top cybersecurity talent early on. This may involve sponsoring events, offering internships, and collaborating with faculty to develop coursework that aligns with your company’s needs.

Leverage Employee Referrals: Employee referrals can be a powerful recruiting tool, as they can help you identify candidates who are not actively looking for new opportunities. Encourage your current employees to refer their friends and colleagues, and offer incentives for successful referrals.

Look Beyond Technical Skills: While technical skills are important in cybersecurity, it’s also important to look for candidates with strong communication, problem-solving, and critical thinking skills. Cybersecurity is a complex field that requires professionals who can think strategically and work collaboratively.

Offer Professional Development Opportunities: Cybersecurity professionals are in high demand, and they want to work for companies that will invest in their professional development. Offer opportunities for training, certifications, and other professional development activities to attract and retain top talent.

Create a Positive Candidate Experience: The hiring process can be stressful for candidates, and a negative experience can turn off even the most qualified candidates. Make sure your hiring process is transparent, efficient, and respectful, and provide candidates with regular updates throughout the process. A positive candidate experience can help you attract top talent and build a strong employer brand.

We build cyber security and defense teams with our unique approach to recruitment, partnering with companies at various stages of growth on a contingent, hybrid, or embedded basis.

___

Our cyber security recruitment function has been trusted by some of the world’s most recognised brands in the security domain to deliver great talent in candidate-led markets.

We’ve worked with pre-seed start-ups, scaling companies & enterprise clients across multiple industry sectors, including government & defense (SC & DV cleared requirements) so you can be assured that we know exactly what we’re doing. From placing “1st dedicated security hires” to teams of penetration testers, we’ve seen everything that hiring in the security space can conjure.

Rather than waiting for the candidates to come to you, we take your vacancy to our decade-old networks and market it in a proactive and targeted approach. Given we at Troi are all ex-internal recruiters, we know how annoying it can be to sift through dozens of irrelevant CVs, so instead we like to send a handful of well-informed and well-screened candidates that have a very good chance of filling your open role.

Sources:

pwc-digital-trust-insights-survey.pdf

Government Cyber Security Strategy: 2022 to 2030 – GOV.UK (www.gov.uk)