February 25, 2016 - Comments Off on Moving Forward: The Relationship Between Cyber Security & Recruitment
Over the past couple of years, the Big Four have dedicated significant resources in an attempt to master Cyber Security, it has become abundantly clear that this a formidable challenge given that no one fully understands this evolving threat. Malcolm Marshall, the Global Head of Cyber Security at KPMG International, has stated that, “governments and businesses have yet to master the ‘third industrial revolution’ – the rise of the internet – let alone the fourth… We are going into this ‘industrial revolution’ and trying to master it, even though we have failed to secure ourselves in the third one.”
This is not surprising. Cyber Security is still being debated at an academic level, a government level, and an industry level. Therefore, there is no universally accepted definition, no universally accepted threat activity levels, and no universally accepted framework for tackling it. The Big Four are at the forefront of this debate by teaming up with other industry leaders to develop a Cyber-Risk framework, exploring new technologies and processes to enhance businesses’ ability to prevent cyber-attacks, and resourcing the best talent in the field in order to make these steps a reality.
With companies all over the world, particularly the Big Four, looking to build robust Cyber Security practices, a common problem found is access to quality talent in such a developing field. In fact, Cyber Security Job Site estimates that some companies are likely to recruit over 300 Cyber Security professionals per year; it is clear that demand hugely outweighs the supply of skilled professionals.
This is by no means a unique occurrence in recruitment, there will always be more opportunities than candidates – we must accept this fact. And it is for this reason that recruitment agencies are embracing the lucrative Cyber Security market; however, we must recognize that operating in this industry requires a re-evaluation and transition away from ‘recruitment as usual.’
In 2015, the Cyber Security industry as a whole is reported to have reached $75 billion, with market analysts projecting that this will rise to $170 billion by 2020. Therefore, it shouldn’t come as a shock that we have observed exponential growth in Cyber Security practices across the Big Four accountancy firms.
The phrase “Cyber Security” has become ubiquitous. It is a term that has no established definition and our understanding of its depth and scope is evolving every day. As a result, we are constantly presented with new challenges and threats, which are have a significant impact on economies all over the world. According to the UK government, cybercrime costs British businesses £34 billion per year; with an estimated cost to the global economy in excess of $400 billion each year.
Indeed, the world witnessed a number of large-scale data breaches in both 2014 and 2015. In October 2015, the British telecommunications firm Talk Talk was hit by a “significant and sustained cyber-attack,” which compromised the personal data of the company’s over 4 million customers; in August 2015, the controversial U.S. online data site Ashley Madison suffered an extensive cyber-attack, which resulted in users’ personal information being made public; and in March 2015, the American health insurance company Primera Blue Cross was targeted and it was reported that over 11 million customers could have been affected.
It is difficult to quantify the financial impact of each attack; however, the fact that cyber-attacks on banks, businesses, and governments appear to be increasing forces organisations to take precautions. Across the globe, companies are now operating under the assumption that – regardless of their size, location, or industry – cyberattacks will happen – to them!
Governments around the world have also sought to ensure that businesses begin to take responsibility for securing their information, especially the personal data of their clients and customers. Both the U.K. and U.S. governments, as well as the European Union, have led the way in the implementation of new Cyber Security standards, which are imposed and overseen by regulatory bodies – meaning that companies are now legally required to properly protect their data.
Simon Collins, the U.K. chairman of KPMG, put it succinctly when he stated that, “[companies] have gone from having an anecdotal understanding of Cyber Security to seeing it as a key item on the agenda.” Since this quote was reported in 2014, the Big Four have grown their Cyber Security practices exponentially and in doing so have found an incredibly lucrative market.
It is clear that Cyber Security is an important market for recruiters but it is one that requires us to have a look at our practices in order to maximise it’s potential. How often do we come across blog posts on LinkedIn from industry leaders complaining of receiving approaches from consultants declaring, “I have found the IDEAL candidate for your team,” when, in fact, the candidate does not have many of the skills/experience needed for the role? Yes, ensuring an effective pipeline is important but it is this sort of behaviour that leads to clients and candidates becoming disenchanted with recruiters and recruitment in general.
We must be frank with ourselves; cyber security is complex, it is difficult, and it is important in an increasingly hostile world. Therefore, we must approach it as such by ensuring that those engaging with this market are as informed as possible, which will require significant dedication from both recruitment consultants and researchers.
Companies should look to utilise all of their resources; for example, I lead Milburn Lewis’ Cyber Security research because I have a strong academic background in Cyber Security and am able to utilise this knowledge in my analysis of the market and identification of candidates. I don’t want to be misunderstood, I am not calling for recruiters to become experts in Cyber Security – this is simply not feasible. However, we cannot simply continue to “sound like we know what we’re talking about” or “bluff it” with clients and candidates.
Becoming more engaged with the issue of Cyber Security will not only benefit our clients and candidates but also our employers. It means knowing where to locate candidates because, as we are coming to understand, Cyber Security professionals don’t simply hang out on LinkedIn waiting for the next InMail. It means building trust by showing a genuine desire to understand the developments and challenges associated with Cyber Security.
It means recognising the desired qualifications and ignoring those that, in the words of a Cyber Security professional, “aren’t worth the paper they are written on.” And it means recognizing what the client wants and what is realistic, given that Cyber Security is in its infancy there is a serious lack of talent; however, it is our job to find those that are there. This is what we doing here at Milburn Lewis by fully engaging with Cyber Security, we are able to identify and place the highest calibre candidates within the Big Four.
If you would like to find out more or discuss the details please get in touch with Darren Reid at firstname.lastname@example.org or on +44 0131 560 1143.