There is a positive trend in how organizations respond to cybersecurity breaches from an HR perspective, according to a recent Kaspersky study. Across the META region, the figure for senior IT staff being laid off if a data breach occurs rose slightly, to 15% in 2021 compared to 13% in 2018, while the figure for senior IT security roles actually decreased, to 5% in 2021 compared to 15% in 2018. Amid a challenging cybersecurity environment and growing IT complexity, the demand for IT and cybersecurity specialists remains high.
According to the Gartner 2020 Board of Directors Survey, by 2025, 40% of boards will have a dedicated cybersecurity committee overseen by a qualified director. As cybersecurity risks become the second most critical source of risk for enterprises, behind only regulatory compliance risk, the role and responsibilities of IT security executives are crucial. And with a continuing skills gap in the market, it should be important for organizations to keep experts in their positions.
The report "IT Security Economics 2021: Managing the trend of growing IT complexity" reveals that fewer enterprises globally now fire employees because of data breaches. In the META region, however, this common response to data breaches actually increased, from 22% in 2018 to 27% in 2021.
The split of employees that could lose their job as a result of a cybersecurity breach has also changed. In addition to senior IT and IT security roles, C-level executives are likely to be exposed to dismissals too: 3% in 2021, similar to 3% in 2018. The trend is also relevant for non-IT senior staff. As a result, the overall split across IT and non-IT, senior and non-senior roles, became flatter than a few years ago.
The demand for retaining and nurturing expertise is seen, for example, in budget planning: 30% of enterprises report the need to improve the level of specialist security expertise as a top reason to increase their IT security budget. In fact, this is the second most common reason, behind only increased complexity of IT infrastructure (38%). Furthermore, by investing in internal specialists, employers are interested in retaining their knowledge within the company so that employees can leverage their skills in the future.
“The transfer to remote work and processes has put increased pressure on the information security sector. With cybersecurity jobs in such high demand and skilled professionals in low supply, companies are realizing the value of senior security executives and the need to plug the talent gap,” comments Evgeniya Naumova, Executive VP, Corporate Business at Kaspersky.
“As digital transformation intensifies, not only does the need for well-trained professionals grow, but so does the management’s awareness of cybersecurity. Incidents cannot be completely ruled out. The highest possible level of cybersecurity depends on an adequate strategy, represented by IT security experts. We therefore very much welcome positive trends regarding the appreciation of specialized staff,” says Sebastian Artz, Head of Cyber and Information Security at Bitkom eV, Germany’s digital association.
Companies that face a lack of internal expertise can use the following tips to raise the level of their cyber defense:
- Train internal talent. Provide your IT security team with opportunities for additional education, including participation in expert courses or webinars. Specialists will appreciate a company that cares about their professional development and will be able to apply new knowledge to specific organizational processes.
- Encourage employees to share practical experiences and work on varied, non-standard tasks. Cybersecurity workers can also augment their expertise by reaching out to industry leaders that could provide unique knowledge to solve advanced challenges.
- If the lack of resources or expertise has to be solved in the short term, or the existing team is struggling to deal with the increased software security levels and constantly evolving protection technologies, a business can get help from third-party IT security providers. Managed services from trusted IT security providers combine the most advanced automated tools with professional expert support to ensure timely detection, threat hunting, and remediation.