There is a positive trend emerging in how organisations respond to cybersecurity breaches, from an HR perspective, according to a recent Kaspersky study.
In 2021, less than a fifth of organisations across the META region laid off senior IT staff (15%) in 2021 and while this was slightly higher than compared to 2018 (13%), it is interesting to note that far fewer senior IT security roles (5%) were laid off in 2021 compared to (15%) in 2018) for the META region. Amid a challenging cybersecurity environment and growing IT complexity, the demand for IT and cybersecurity specialists still remains high.
According to the Gartner 2020 Board of Directors Survey, by 2025, 40% of boards will have a dedicated cybersecurity committee overseen by a qualified director. While cybersecurity risks become the second most critical source of risks for enterprises, behind only regulatory compliance risk, the role and responsibilities of IT security executives are crucial. And with a continuing skills gap in the market, it should be important for organisations to save experts in their positions.
Kaspersky research, titled: ‘IT Security Economics 2021: Managing the trend of growing IT complexity’, reveals that fewer enterprises now fire employees because of data breaches.
The split of employees that could lose their job because of a cybersecurity breach has also changed. In addition to senior IT and IT security roles, C-level executives are now far less likely to be exposed to dismissals too. The decreasing trend is also relevant for non-IT senior staff. As a result, the overall split across IT and non-IT, senior and non-senior roles, became flatter than a few years ago.
The demand for retaining and nurturing expertise is seen, for example, in budget planning: 30% of enterprises report the need to improve the level of specialist security expertise as the top reason to increase their IT security budget. In fact, this is the second most common reason, followed only by increased complexity of IT infrastructure (38%). Furthermore, by investing in internal specialists, employers are interested in retaining their knowledge within the company so that employees could leverage their skills in future.
“The transfer to remote work and processes has put increased pressure on the information security sector. With cybersecurity jobs in such high demand and skilled professionals in low supply, companies are realising the value of senior security executives and the need to plug the talent gap,” said Evgeniya Naumova, Executive VP, Corporate Business at Kaspersky.
“As Digital Transformation intensifies, not only does the need for well-trained professionals grow, but the management’s awareness of cybersecurity. Incidents cannot be completely ruled out. The highest possible level of cybersecurity depends on an adequate strategy, represented by IT security experts. We therefore very much welcome positive trends regarding the appreciation of specialised staff,” said Sebastian Artz, Head of Cyber and Information Security at Bitkom e.V., Germany´s digital association.
Companies that face the lack of internal expertise can use the following tips to raise the level of their cyberdefence:
• Train internal talent. Provide your IT security team with opportunities for additional education, including participation in expert courses or webinars. Specialists will appreciate a company that cares about their professional development and will be able to apply new knowledge to specific organisational processes.
• Encourage employees to share practical experiences and work on varied, non-standard tasks. Cybersecurity workers can also augment their expertise by reaching out to industry leaders that could provide unique knowledge to solve advanced challenges.
• If the lack of resources or expertise has to be solved in the short term, or the existing team is struggling to deal with the increased software security levels and constantly evolving protection technologies, a business can gain help from third-party IT security providers. Managed services from trusted IT security providers combine the most advanced automated tools with professional expert support to ensure timely detection, threat hunting and remediation.
Read more insights about cybersecurity management, budgets and recent incident response trend from the report ‘IT Security Economics 2021: Managing the trend of growing IT complexity’ here.