‘Hire a hacker to solve cyber skills crisis’ urge UK companies

Posted On 05 Nov 2014

According to the latest research conducted by KPMG UK, companies admit they’re considering turning to ex-hackers in a bid to stay one step ahead of cyber criminals.

KPMG surveyed 300 senior IT and HR professionals in organisations employing 500-plus staff to assess how the corporate world is ‘skilling-up’ to protect itself against cyber security breaches. The survey reveals that many companies are becoming increasingly desperate as they struggle to hire the right people.

Nearly three quarters (74%) say they are facing new cyber security challenges which demand new cyber skills. For example, 70% admit their organisation ‘lacks data protection and privacy expertise’. The same proportion of companies are also wary about their organisation’s ability to assess incoming threats.

The majority are candid enough to admit that the shortfall exists because the skills needed to combat the cyber threat are different to those required for conventional IT security. In particular, 60% of respondents are worried about finding cyber experts who can effectively communicate with the business. This aspect is vital to ensuring that the cyber threat is well understood by corporate leaders outside of the IT Department.

While 60% claim to have a strategy in place designed to deal with any skills gaps, it’s clear that there is a short supply of people with all the relevant skills. 57% of interviewees agree it has become more difficult to retain staff in specialised cyber skills in the past two years. The same number say the churn rate is higher in cyber than for IT skills while 52% agree there’s aggressive head-hunting going on in this arena.

According to KPMG’s research, the skills gap is forcing many companies to consider turning to ‘poachers turned game-keepers’ in order to keep up-to-speed. 53% of respondents say they would consider using a hacker to bring inside information to their security teams. Just over half (52%) would also consider recruiting an expert even if they had a previous criminal record.

Clear strategy for dealing with the skills gap

Commenting on the research findings, Serena Gonsalves-Fersch (head of KPMG’s Cyber Security Academy) explained: “Increasing awareness of the cyber threat means the majority of UK companies are clear on their strategy for dealing with any skills gaps. However, they wouldn’t hire pickpockets to be security officers so the very fact that companies are considering former hackers as recruits clearly shows how desperate they are to stay ahead of the game. With such an unwise choice on the menu, it’s encouraging to see other options on the table.”

Gonsalves-Fersch added: “Rather than relying on hackers to share their secrets, or throwing money at off-the-shelf programmes that quickly become out of date, UK companies need to take stock of their cyber defence capabilities and act on the gaps that are specific to their own security needs. It’s important to have the technical expertise in place, of course, but it’s just as important to translate that into the business environment in a language senior management can both understand and respond to in good time.”

The research comes as KPMG launches a new cyber awareness programme, offering cyber learning content across the organisation from the C-Suite through to recent graduates. It also includes a ‘bridging course’ designed to help IT and business departments understand the language and risks presented by today’s cyber threats.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.