CYBER security is serious. You knew this, of course. Except after 2017 it’s getting more serious. Much more. And you need to start getting ready.
'Getting ready' in 2017 means it's the year HR teams recruit a new breed of cyber security expert.
These individuals will not only be focused on technical security, and often embedded in IT teams, but will also be able to liaise with every stakeholder throughout the business. They will enable business through education and awareness, connecting security to business success.
One of many reasons 2017 will see a sharp increase in security-focused recruitment is the General Data Protection Regulation (GDPR), due to take effect in May 2018.
GDPR is EU legislation, but it will nonetheless almost certainly be brought into UK law - Brexit or no Brexit. And it will make last year’s record fines for IT breaches look like loose change.
Big money - big risk
It’s not as though the existing regulation isn’t already fairly tough.
In October last year mobile network TalkTalk was fined for a hack which left 157,000 customers exposed.
In its ruling, the Information Commissioner’s Office (ICO) said TalkTalk had failed to implement even “the most basic” security measures.
The hack, said the ICO, “could have been prevented if TalkTalk had taken basic steps to protect customers’ information.” Scarcely a more damning verdict is imaginable, and this was reflected in the size of the fine - £400,000; almost as much as it’s possible to hand down.
We can all agree £400,000 is a lot of money. So think about that when we reflect that had TalkTalk been judged according to the new GDPR rules they could have been facing a bill of £72 million.
Gotta get ready
So we’re looking at a step change in risk, and a swift elevation of cyber security up the boardroom agenda.
And what’s the main cause of security breaches? Staff.
About half of all breaches, say PwC, are caused by inadvertent human error. We’re talking about such facepalm-worthy essentials as leaving memory sticks lying around and handing out passwords to phishing hackers.
It might be infuriating, but for all that it’s still easy to imagine why it happens. Picture a new, relatively junior member of staff being given responsibility for a range of business functions but little or zero training in cybersecurity. The same report reveals 72% of companies where security policy is poorly understood had staff-related breaches.
Even as things stand the estimated average financial loss from a single cybersecurity incident is £2 million. In effect, most businesses need protecting from themselves.
So CEOs will soon start looking pretty hard at their HR teams to ensure the people best placed to prevent 2018’s cyber security disasters are safely in post.
Only - there aren’t enough of them.
Cyber security specialists
Precisely the sort of transformative IT leaders the senior team will want to see walking through the doors in 2017 are the ones in most demand.
They are a new class called ‘Cyber Security Specialists’ who differ from their techie predecessors in one very noticeable way - they’re great communicators.
Cyber Security Specialists change people’s behaviours by advocating a different thought process when it comes to security. They are enablers to business, not blockers.
It’s perfectly possible that they don’t even have an IT background, but they make change happen by putting cyber risk at the top of the boardroom agenda.
But the shortage means a rush for the best talent. Meanwhile, HR Directors will want to say their security resource is ready by 2017 - before GDPR takes effect.
Get ‘em while they’re hot
What appeals to cyber security specialists when they begin to consider new job opportunities?
First, they don’t want to waste their time. They need companies that invest in their security capability, and have board-level buy-in. This includes the foresight to see that security training and awareness are pivotal in building a successful security program.
It’s an evolving sector and they’ll want to stay ahead. Investing in their training, development, attendance at networking events etc. will be appreciated.
A blank canvas - a so-called ‘Greenfield’ security project - is always of interest. It means they’re free to impart knowledge and sketch a security roadmap themselves, rather than having to adapt something which is, potentially, not working.
Finally, these professionals are keen to work in teams who are passionate about security. They live and breathe what they do.
Good luck in your search for your Cyber Security Specialists. Don’t leave anything to chance!
About Mary Worthington
Mary is senior consultant at Sanderson Plc and a specialist in the cyber information data security recruitment sector. She has become a leading voice in the media and at speaking events.