There is a positive trend in how organisations respond to cybersecurity breaches from an HR perspective, according to a recent Kaspersky study. In 2021, almost half as many organisations laid off senior IT staff (6% in 2021, compared to 8% in 2018) and employees in senior IT security roles (8% compared to 14% in 2018) following a data breach. Amid a challenging cybersecurity environment and growing IT complexity, the demand for IT and cybersecurity specialists remains high.
According to the Gartner 2020 Board of Directors Survey, by 2025, 40% of boards will have a dedicated cybersecurity committee overseen by a qualified director. With cybersecurity risk now the second most critical source of risk for enterprises, behind only regulatory compliance risk, the role and responsibilities of IT security executives are crucial. And with a continuing skills gap in the market, it is important for organisations to retain experts in their positions.
‘IT Security Economics 2021: Managing the trend of growing IT complexity’ reveals that fewer enterprises now fire employees because of data breaches. In 2018, it was a more common measure (27%) in response to data breaches, compared to 18% in 2021.
The split of employees that could lose their job as a result of a cybersecurity breach has also changed. In addition to senior IT and IT security roles, C-level executives are now half as likely to be exposed to dismissals too – 3% in 2021 compared to 5% in 2018. The decreasing trend is also relevant for non-IT senior staff. As a result, the overall split across IT and non-IT, senior and non-senior roles, became flatter than a few years ago.
The demand for retaining and nurturing expertise is seen, for example, in budget planning: 33% of enterprises report the need to improve the level of specialist security expertise as the top reason to increase their IT security budget. In fact, this is the second most common reason, behind only increased complexity of IT infrastructure (47%). Furthermore, by investing in internal specialists, employers aim to retain their knowledge within the company so that employees can apply their skills in the future.
“The transfer to remote work and processes has put increased pressure on the information security sector. With cybersecurity jobs in such high demand and skilled professionals in low supply, companies are realising the value of senior security executives and the need to plug the talent gap,” comments Evgeniya Naumova, Executive VP, Corporate Business at Kaspersky.
“As digital transformation intensifies, not only does the need for well-trained professionals grow, but the management's awareness of cybersecurity. Incidents cannot be completely ruled out. The highest possible level of cybersecurity depends on an adequate strategy, represented by IT security experts. We therefore very much welcome positive trends regarding the appreciation of specialised staff,” says Sebastian Artz, Head of Cyber and Information Security at Bitkom e.V., Germany's digital association.
Companies that face a lack of internal expertise can use the following tips to raise the level of their cyber defense:
- Train internal talent. Provide your IT security team with opportunities for additional education, including participation in expert courses or webinars. Specialists will appreciate a company that cares about their professional development and will be able to apply new knowledge to specific organisational processes.
- Encourage employees to share practical experiences and work on varied, non-standard tasks. Cybersecurity workers can also augment their expertise by reaching out to industry leaders that could provide unique knowledge to solve advanced challenges.
- If the lack of resources or expertise has to be solved in the short term, or the existing team is struggling to deal with the increased software security levels and constantly evolving protection technologies, a business can get help from third-party IT security providers. Managed services from trusted IT security providers combine the most advanced automated tools with professional expert support to ensure timely detection, threat hunting, and remediation.
Read more insights about cybersecurity management, budgets and recent incident response trends in the report ‘IT Security Economics 2021: Managing the trend of growing IT complexity’.