How can Australia’s technology sector retain the best cyber-security staff?
Published 6th September 2017 by Amee Karat
There is no doubt that the more we come to rely on technology, the more likely we are to be held ransom by it if we do not have the right systems — and staff — in place to mitigate the risks of this happening.
And with new legislation now making it compulsory to report all data breaches to the Australian Government if your business has an annual turnover of more than $3 million, the need to find and retain the right cyber security staff has never been more important.
I have worked in the cyber security sector since 2009 and in that time, I have seen the demand for talented cyber security staff increase exponentially.
This is particularly true for the past two years where we have seen exceptional growth in this space as businesses — small, medium and large — have become more aware of the need to ensure their data is secure.
So how do you compete against other organisations head-hunting your best staff? Are your cyber security staff happy to plan out a career with your organisation?
It is not just about the money
Many organisations make the mistake of thinking they can retain their cyber security staff simply by raising their salary packages, but this approach rarely works long-term.
Yes, specialists in cyber security command high wages because of the value of their work and the demand for their services.
However, in our experience, we have found time and again that job satisfaction is the key to retaining your top cyber security staff.
Cyber security is a unique field which attracts a unique set of creative-thinking, problem-solving devotees who love finding solutions to problems. In short, they like a challenge.
Mundane and repetitive work will doubtless account for some aspects of cyber security work, but candidates and employees who are well paid, given the chance to stretch their wings and challenged are much more likely to remain on your staff than someone who is very well paid and bored!
Job satisfaction very often comes down to how interesting and challenging the role is for the individual.
This may mean providing ongoing training and professional development, flexible working arrangements and attractive wages as the focus shifts to positive steps to attract and maintain top performing cyber security staff.
Contractors versus permanent staff
While there is a general acceptance that cyber security contractors can command high wages because of the demand for their services, there is less understanding of the need to attract and retain on-staff cyber security specialists with salary packages which appeal to them.
Yes, contracting out your cyber security may seem an effective way to reduce fixed staff costs. But can you afford the longer term implications of doing so?
The 2017 Ponemon Cost of Data Breach Study clearly states that “the faster [a] breach can be identified and contained, the lower the costs.”
The report also states that “programs that preserve customer trust and loyalty in advance of the breach will help reduce the number of lost business/customers.”
In fact, the survey showed that the average number of days taken to identify a data breach in 2016 was 201 days, which fell to 191 days in the first half of 2017. Ponemon attributes this decline to improved security technologies.
However, it would not be a stretch to attribute some of the improvement to more organisations having their own cyber security systems and staff which can respond more efficiently and quickly to any data breaches.
Given that the 2017 Ponemon report states that the average cost of a data breach for a company was $2.51 million — or, in per capita terms, $139 for every Australian — an investment in an in-house cyber security team for medium to larger businesses simply makes sense.
Looking for industry leaders
Australia needs to look beyond any quick fix band-aid solutions such as last year’s call from the Australian Centre for Cyber Security for the development of a national security corps of volunteers to help secure the government, businesses and individuals from cyber-attack.
The focus instead should be on investment in the education sector for long-term talent cultivation.
And while teaching theoretical application is essential, so too is the need to provide hands-on experience in the sector. Nothing beats experience.
A great example of this can be found in Israel, where they set the foundation for long-term success in the cyber security field for governments, military and businesses.
Earlier this year Israel announced it would establish a National Centre for Cyber Education to train young people in the sector.
Israeli Prime Minister Benjamin Netanyahu said at the time the centre would “increase the number and raise the level of young Israelis for their future integration into the Israeli security services, industry and the academic world.”
It would, he said, focus on “the development of programs and education for children, youth and graduates in the cyber sphere.”
In Australia, in the short to medium term, there needs to be a substantial increase in investment in research and development and mediating the threat of offshore versus internal security operations.
While some are forecasting a peak in demand for staff in the cyber security sector later this year or next year, I am confident this ‘peak’ in demand will not be followed by a decline as is usually the case.
Rather, demand for top performing staff in cyber security will continue to grow exponentially in the next five years and beyond, barring the development of some unforeseen security solution!
Amee Karat is Senior Consultant for Security and Infrastructure at Davidson Technology.
Originally published at Computer World on September 4, 2017.