Given the mounting organizational costs and impact that cybersecurity breaches can have on the enterprise, the CIO is being held to a higher standard when it comes to managing and monitoring security for the enterprise. According to a study of 58 public and private sector organizations in the U.S. conducted by Ponemon Institute, the average cost of cyber crimes imposed on benchmarked organizations was $15 million in 2015, up from an average cost of $12.7 million in 2014.
Protecting the enterprise against cyber threats includes having the right personnel and skills in place to detect and respond effectively to known or suspected dangers.
Attracting and retaining the right cyber security team is becoming increasingly difficult. According to Raytheon, there are 200,000 unfilled cyber security positions in the U.S. today, and that number is expected to quadruple over the next five years.
Globally, companies and public sector organizations will need to fill a projected 6 million openings for security professionals by 2019, but only 4.5 million professionals will have the necessary qualifications, according to (ISC)², the security certification and industry body.
Part of the challenge is the difficulty in attracting young people into STEM (Science, Technology, Engineering, and Mathematics) careers, a pervasive problem that spans nearly all IT disciplines.
Some forward-thinking CIOs have been active in sparking STEM interest at the elementary and middle-school level.
Others have expanded their recruitment focus beyond college students and early-stage professionals with the traditional degrees that characteristically lead to cyber security roles, and are helping people obtain the training and skill sets needed to succeed in this space. This includes working with recruitment agencies to identify potential candidates with liberal arts and other backgrounds who demonstrate a proclivity for cyber security disciplines.
Some enterprises have attempted to recruit former ‘black hats’ – cyber criminals who have illegally hacked companies and individuals – and place them in ethical roles to help organizations identify potential threats and weaknesses. But industry experts say there’s been little incentive for hackers outside Western Europe and the U.S. to take on legitimate employment due to low prosecution rates.
The CIO can also work with HR and with the company’s cyber security managers to mentor and grow existing IT staffers and develop those who are interested into cyber professionals.
CIOs and their organizations can also conduct hackathons – in this case, events that are focused on coders competing against one another to solve a cyber security challenge. Hackathons can be a great way to assess skill sets and approaches to problem solving.
Meanwhile, women are vastly underrepresented in cyber security, comprising less than 15 percent of those working in information security, according to industry figures.
Savvy CIOs can use creative tactics in recruiting and attracting female cyber security candidates. This includes lobbying senior management for additional funding for training programs that are specifically geared towards women. Meanwhile, flexible work options that can help certain women juggle work and family life are another means of attracting and retaining the right candidates.
As cyber security continues to become more complex with the advent of the Internet of Things and computers embedded in different devices, “it’s a discipline that we need to train from college on up,” said Greggory Garrett, CEO and Managing Director of CGS Advisors in an HMG Strategy Transformational CIO video.
- The growing shortage of qualified cyber security professionals is forcing CIOs to take more creative approaches towards mentoring, recruitment, and training.
- Some savvy CIOs have partnered with recruitment agencies to identify potential candidates with liberal arts and other backgrounds who demonstrate a proclivity for cyber security disciplines.
- Given the massive costs that cyber security breaches can impose, CIOs can also lobby executive management for additional funding for training, recruitment, and other development programs.