By Steve Maguire – (first published Nov 2018)
So why is there such a huge supply and demand crisis in cyber security? Is it one big thing or is it because of a culmination of factors? Has regulation become the gamechanger?
GDPR Panic Stations!
On May 28th 2018 the inception of the GDPR was due to become a watershed moment for customer data protection. Superseding the Data Protection Act, GDPR placed greater emphasis on the accountability of organisations to prevent the carefree sharing of consumer data. Whether the hype was justified remains to be seen.
What will be interesting, in terms of analytics, is the effect that GDPR has had in pushing SMEs to up their game in preventing data leakage. No organisation to date has been hit with the huge 4% of global turnover fine, but has the spectre of this threat been enough to make organisations take stock of their cyber hygiene and therefore enlist the support of the growing number of MSSPs out there? Or maybe there's still a culture of dismissing the threat as nothing but hyperbole? Research suggests that there is a greater demand for cyber security services, and GDPR could be a factor in this.
GDPR will undoubtedly improve governance and compliance operations for most responsible organisations; for instance, the 2018 Government white paper, the 2018 Cyber Breaches Survey, identified that only 13% of all businesses in the UK had effective incident response policies in place in the event of a cyber-attack. Clearly room for improvement, but in all probability, much of this commitment has been and will be outsourced to MSSPs.
But it’s not just GDPR causing the exponential growth in the cyber security industry… is it? Of course, the GDPR places greater financial, conduct and regulatory risk on organisations, but what else is creating this massive demand for resources and solutions?
The 4R Supply/Demand Paradigm
Break this down into four parts and we might find some high-level context as to what the problem is. Two things are happening right now for sure: firstly, there is a huge demand for services, which means the supply line needs to grow; simple economics, eh?
Crisis of Demand
Risk: The threat actor is becoming more prolific and sophisticated; the intensity of attacks is increasing and the damage being caused is significant.
Regulation: GDPR prevents the unethical withholding of breach notifications and places a greater financial penalty on businesses that do not comply.
Higher risk of attacks and regulation are causing a greater demand for cyber security services, which creates a…
Crisis of Supply
There are not enough cyber security professionals to go round; the existing circuit of operators is completely maxed out!
Recruitment: Demand has caused a growth of suppliers, but there are not enough resources available to sustain the demand. Currently there is 0% unemployment in cyber security and 3.5 million resources are required by 2020 to cope with the demand.
Retention: With an average yearly increase of 10% in salaries, businesses are pulling out all of the stops to retain talent. More contract-to-hire opportunities are being taken by existing professionals, thus ramping up costs for hiring managers.
It appears that cyber security services are in the midst of a perfect storm of high demand and low supply. The food chain of demand ultimately ends with the need for a resource at the endpoint managing and responding to alerts; there is no getting away from it. So, if the existing service providers are struggling to cope with client demand, what needs to happen? More people are required to come into the industry, that is for sure!
Increased capability + Higher Demand = More people!