Senior IT security experts less likely to be fired after cybersecurity breaches in 2021
December 20, 2021: According to a recent Kaspersky study, there is a positive trend in how organizations respond to cybersecurity breaches from an HR perspective. In 2021 in the META region, although the number of IT executives laid off increased slightly (15% in 2021, compared to 13% in 2018), the number of senior IT security positions actually decreased (5% in 2021 compared to 15 % in 2018) in the event of a data breach. In a challenging cybersecurity environment and increasing IT complexity, the demand for IT and cybersecurity specialists remains high.
According to the Gartner 2020 Board of Directors Survey, by 2025, 40% of boards will have a dedicated cybersecurity committee overseen by a qualified director. As cybersecurity risks become the second most critical source of risk for businesses, behind only regulatory compliance risk, the role and responsibilities of IT security managers are crucial. And with a persistent skills gap in the market, it should be important for organizations to retain experts in their roles.
“IT Security Economics 2021: Navigating the Growing IT Complexity Trend” reveals that fewer companies around the world are now laying off employees due to data breaches. In the META region, this common measure of data breach response has actually seen an increase when comparing 2018 figures (22%) to 27% in 2021.
The distribution of employees likely to lose their jobs as a result of a cybersecurity breach has also changed. Besides senior positions in IT and IT security, C-level executives are also likely to be exposed to layoffs – 3% in 2021 compared to 3% in 2018. The trend is also relevant for non-IT executives. As a result, the overall split between IT and non-IT, senior and non-senior roles has become flatter than a few years ago.
The demand for retaining and developing expertise manifests itself, for example, in budget planning: 30% of companies indicate that the need to improve the level of specialized expertise in security is the main reason for increasing their budget. computer security. In fact, it’s the second most common reason, followed only by increased IT infrastructure complexity (38%). Additionally, by investing in in-house specialists, employers have an incentive to retain their knowledge within the company so that employees can leverage their skills in the future.
“The shift to remote work and processes has put increased pressure on the information security industry. With such demand for cybersecurity jobs and a shortage of skilled professionals, companies are realizing the value of senior security executives and the need to fill the talent gap,” comments Evgeniya Naumova, Executive Vice President, Corporate Business at Kaspersky.
“As digital transformation intensifies, not only does the need for well-trained professionals increase, but management awareness of cybersecurity increases. Incidents cannot be completely excluded. The highest possible level of cybersecurity depends on an adequate strategy, represented by computer security experts. We therefore very much welcome the positive trends in the appreciation of specialist personnel,” says Sebastian Artz, Head of Cybersecurity and Information Security at Bitkom eV, the German digital association.
Organizations facing a lack of internal expertise can use the following tips to raise the level of their cyber defense:
- Train internal talent. Provide your IT security team with additional training opportunities, including participation in expert courses or webinars. Specialists will appreciate a company that cares about their professional development and will be able to apply new knowledge to specific organizational processes.
- Encourage employees to share practical experiences and work on varied and atypical tasks. Cybersecurity workers can also increase their expertise by reaching out to industry leaders who could provide unique knowledge to solve advanced challenges.
- If the lack of resources or expertise needs to be addressed in the short term, or if the existing team is struggling to keep up with increased levels of software security and ever-changing protection technologies, a business can get the assistance from third-party computer security providers. Managed services from trusted IT security providers combine the most advanced automated tools with professional expert support to ensure timely detection, threat hunting and remediation.
To learn more about cybersecurity management, budgets, and recent trends in incident response, see the report “IT Security Economics 2021: Managing the Trend of Growing IT Complexity” here.