Recruitment consultancy Robert Half Technology has recently published a new report which throws out some interesting but not entirely unexpected figures about the demand for IT security professionals.
As you can probably imagine, that demand is set to remain high with just under half (47%) of UK CIOs saying they are likely to beef up their teams with additional members this year. A similar number (45%) say they will enhance cloud security in 2015. Around one third (29%) predict that they will enhance/implement mobile device security.
The continued interest in security – fueled by recent news of data breaches and other high profile hacks (in my opinion) – ensure that security remains a key driver in the continuing demand for skilled IT professionals.
Additionally, 93% of the 100+ CIOs interviewed for the report indicate that their own businesses have identified security as a priority due to the number of security threats experienced by their own firms either increasing or remaining the same. As a result, those polled say that 19% of their corporate IT budgets are being funneled into the security function (but it’s never enough, eh?)
Robert Half suggests more of the same going forward as changes in lifestyle lead to a continuing uptick in mobile technology use, a trend that introduces additional security challenges to both businesses and individuals alike.
But it’s not just remote access to corporate data and networks that firms have to worry about – Half’s research also discovered that 78% of CIOs are aware of the insider threat – just under half of them cite the biggest risk to corporate data as the perceived dangers of employees and third parties overhearing sensitive information. Thirty-seven percent of CIOs say the biggest threat comes from the same people seeing sensitive data.
Neil Owen, Director, Robert Half Technology, said:
The demand for skilled IT security professionals is on the rise as businesses of all sizes are recognising the importance of IT security and are conscious they need to strive to continuously meet best practice standards or risk being vulnerable to an IT security threat.
Increased investment in cloud and mobile security by organisations is following hard on the heels of greater take-up of those technology platforms, so IT security professionals with these specialist skills and experience will be most in demand. However, it will also be important to have broad experience of overall security measures and how to protect corporate, customer and personal data, taking account of internal threats as well external risks.
IT security professionals with the right combination of skills and experience will be in high demand for the foreseeable future, which means it will be important for businesses to provide attractive remuneration packages along with an innovative, technically challenging environment in order to attract the best candidates.
As anyone in the industry knows, the demand for the right people certainly is there but what is telling from Half’s report is the fact that, while many firms seem to be scrabbling over a small pool of talent, only a quarter of companies are intending to enhance the security training and awareness levels of their own existing workforce.
To my mind this makes little sense. We only need to take a look at the news to see evidence that security is becoming a more pressing need for just about every modern business. The security industry, meanwhile, is unable to keep up with demand due to a lack of new and suitably trained recruits coming through the system, either due to failings with the educational system as a whole, lack of incentives for women to join or the inability of firms to integrate people into the security function unless they have come through the accepted routes of education and certification.
Until this fundamental problem is addressed, demand (and therefore the costs) will continue to grow, so why not spend some of that budget on tackling knowledge and attitude among the people already residing within the business?
Given the continuing threat posed by ‘simple’ attacks such as phishing and social engineering that continue to prove successful, surely that would be money well spent?