《瀚纳仕(Hays):2023全球网络安全报告(英文版)(11页).pdf》由会员分享,可在线阅读,更多相关《瀚纳仕(Hays):2023全球网络安全报告(英文版)(11页).pdf(11页珍藏版)》请在三个皮匠报告上搜索。
1、TACKLING THE CYBER SKILLS GAPGlobal Cyber Security Report 2023Experts in Technology03 Introduction James Milligan,Global Head of Technology Solutions04 About the survey05 Organisation Reporting structure,attack experiences and strategy06 Investment Share of budget and changes to spend for 202307 Hir
2、ing In-demand skills and recruiting talent08 Retention and skills Retaining and upskilling existing talent09 The Hays view10 Cyber in the Spotlight video series11 Next stepsCONTENTS2|Global Cyber Security Report 20233|Global Cyber Security Report 2023While it was already becoming a necessity for the
3、 vast majority of organisations,recent events have meant that the rate of digital transformation has accelerated over the last three years.That means an increase in data management,while hybrid and remote working means that workers need secure access to their employers servers.These changes have aff
4、orded threat actors greater opportunities to exploit organisations and infrastructure than ever before,as well as provided added motive.All of this has meant that the demand for people with cyber security skills has increased.At Hays,we placed over 750 people into roles in 2022 as organisations soug
5、ht the talent needed to implement their defence strategies.However,as this demand outweighs the supply of people with experience or accreditations in cyber security,its not always straightforward to fill those roles.Is this skills shortage affecting organisations significantly?And,if so,how?This is
6、why weve decided that its the right time to create our first global report.Our study,carried out in the final months of 2022,aimed to explore how organisations around the world have adapted their cyber security strategy to tackle todays threats,as well as the challenges theyve faced in doing so.By s
7、urveying security leaders from across several industries and seniority levels,we wanted to discover which factors were impacting their ability to hire and retain talent,and whether the level of investment from their organisation is meeting their needs.The most revealing finding was the extent to whi
8、ch organisations have been impacted by the lack of qualified candidates in cyber security.Overall,90 per cent of leaders said the skills gap had affected their ability to implement their cyber security strategy.Its not been easy to address,either.Hiring talent is an issue,with roughly two thirds of
9、leaders admitting that they do not rate their organisations ability to recruit people working in cyber security highly.Finding incentives to retain and train your existing talent becomes even more important,especially as they receive offers from organisations facing the same problem.Providing learni
10、ng resources is attractive to employees and,given the benefits it brings to an organisations cyber security strategy,the investment is worth it.Despite this,many of our respondents were concerned about the funds being allocated to cyber security within their organisation.Although companies have reac
11、ted to global events by putting more money into security,almost half of leaders expect minimal change to their budget in 2023.Our study has shown that finding and hiring the right talent is a significant challenge for businesses globally,and that the lack of skills is affecting security.Whats the so
12、lution?At Hays,we like to talk about undiscovered talent.On one hand,these might be people out there who dont have the exact experience that organisations are seeking,but would be a huge asset if theyre open to training.On the other hand,undiscovered talent may also refer to those who arent given th
13、e same opportunities as their peers in either education or the world of work,but can bring plenty to your organisation.In addition to people coming from a low socio-economic background,there are also those we aim to help through our Focusing On Employment Inequity report,such as those living with a
14、disability or young people struggling to start on the career ladder.In this report,youll find insights on all of the challenges that cyber security leaders are facing in 2023,from protecting their organisation to retaining trained employees.If you are having similar experiences to our respondents,we
15、ve also suggested some steps that you can take to ensure sustainable cyber security success.Lastly,Id like to thank all of the respondents who took the time to complete our survey.Without your help,we would not be able to provide these insights.James Milligan Global Head of Technology Solutions,Hays
16、INTRODUCTIONTHE DEMAND FOR CYBER SKILLS90%of leaders said the skills gap had affected their ability to implement their cyber security strategy.4|Global Cyber Security Report 2023ABOUT THE SURVEYUKI and EMEA Austria Belgium Czech Republic France Germany Hungary Ireland Italy Luxembourg Poland Portuga
17、l Saudi Arabia Spain Sweden Switzerland UK UAEAmericas Brazil Canada Chile Colombia Mexico USAAsia and ANZ Australia China Japan Malaysia New Zealand SingaporeWe carried out our research across 29 countries,surveying over 1,000 cyber security leaders.The study explored how organisations are respondi
18、ng to recent global events,their investment in cyber security,their challenges in hiring and retaining staff,as well as the skills our respondents sought and how these were developed among the workforce.When examining the data,we investigated whether there were any discrepancies from region to regio
19、n,in order to provide local insights.However,our analysis revealed little to no variation-the findings in this report reflect what is happening around the globe,as leaders face the same challenges and turn to the same solutions.Employees at our respondents organisationsSeniority level of our respond
20、ents0-100C-suite5,000+VP101-1,000Director1,001-5,000Manager17%16%37%10%25%24%21%50%5|Global Cyber Security Report 2023ORGANISATIONIn order to gain insights into how organisations are responding to cyber threats,we needed to understand how they are being affected and where their security team fits in
21、 the reporting line.The pandemic and geo-political climate have affected organisations securityCyber security teams are not always positioned strategicallyWhat type of attacks have you experienced?PhishingRansomwareMalware/VirusData Loss/TheftExternal46%84%31%48%30%of leaders do not believe that the
22、ir cyber security team reports into the right part of their organisationof leaders feel that recent global events have had a Major or Moderate impact on their organisations cyber risk profile of leaders state that security awareness in their organisation is greater than in 2019 34%72%77%Many leaders
23、 report that recent global events,such as geo-political conflicts and the pandemic,have affected the cyber risk profile at their organisation.The pandemic in particular has accelerated the need for digital transformation,which has given greater opportunities to cyber criminals-84 per cent of leaders
24、 reporting that their organisation experienced a phishing attack in 2022.Employees have had to become savvier as a result,with 77 per cent of leaders reporting that cyber security awareness is greater than it was three years ago.Organisations have had to respond swiftly to combat potential threats,b
25、ut incorporating cyber security into their strategy has not been a natural process for everyone.A third of leaders do not agree that cyber security sits in the correct reporting line within their business.6|Global Cyber Security Report 2023INVESTMENTWe wanted to explore how organisations are investi
26、ng in cyber security,and whether their budget has increased as a result of global events and trends.Investment is not necessarily aligned with security leaders needsObtaining investment in cyber security has been easier since the pandemicStrongly agreeDisagreeAgreeStrongly disagreeN/ANeutral37%11%14
27、%34%3%1%of leaders expect“Minimal change”to their budget in 2023of leaders are“Extremely”,“Very”,or“Moderately”concerned about their budget in 202347%68%With security a concern across the globe,leaders are looking for a financial commitment from their organisation.Over a fifth of our respondents rep
28、ort that at least ten per cent of their organisations IT spend is allocated to security.However,while only 17 per cent of leaders disagree with the statement that investment in cyber security has been easier to receive since the pandemic,almost half expect minimal change to their budget in 2023.As a
29、 result,there is a concern over whether investment in cyber security will be sufficient for tackling todays threats.What is your organisations annual spend in cyber security in proportion to IT budget?0-2%7-8%3-4%9-10%11%+5-6%18%14%10%15%21%22%7|Global Cyber Security Report 2023HIRINGWith the skills
30、 gap posing problems in tech,we wanted to understand the challenges that organisations face in recruiting talent.Employers are turning to unexplored talentOrganisations struggle to recruit cyber security talentOrganisations seek front-line skillsTop five challenges in hiring talent1 Salary expectati
31、on2 Missing skills3 Competition4 Length of working experience5 Lack of experience at a similar organisation Top five skills/implementations that would enhance security capability1 Cloud security2 Governance,Risk and Compliance3 Security Architecture4 Security Engineering5 SIEM/SOCof leaders do not r
32、ate their organisations ability to attract cyber security talent highlyof leaders are likely to recruit somebody without formal IT security accreditations66%56%When asked what would improve the security capability at their organisation,leaders mostly named skills that would reinforce the front line
33、of defence,such as cloud security and architecture.This aligns with our own insights,as globally were seeing highest demand for engineers and architects.However,the challenge is to find workers with the knowledge and experience required to fill roles within their organisation.Meanwhile,leaders face
34、competition in hiring those with the right credentials,who,in turn,are able to demand a higher salary.In fact,two thirds of leaders do not rate their ability to attract cyber security talent highly.This means that organisations must look for unexplored or untrained talent,an approach that they are o
35、pen to.Over half of the leaders surveyed state that they are likely to hire workers who dont hold formal accreditations.“Two-thirds of leaders do not rate their ability to attract cyber security talent highly.”8|Global Cyber Security Report 2023RETENTION&SKILLSIts necessary to equip the workforce wi
36、th new skillsSkills shortages are affecting securityof leaders believe a skills shortage has impacted their ability to implement their cyber security strategyof leaders say that their organisation invests in upskilling its cyber security workforce90%71%The shortage in skills is having an impact acro
37、ss the board,with 90 per cent of leaders revealing that it has affected their security implementation.If the experienced talent isnt readily available,organisations must find new ways to fill these roles.In order to close the skills gap,leaders believe upskilling and cross-training their team member
38、s(i.e.teaching them how to perform in new roles)are the best routes to success.Indeed,many leaders report that their organisation invests in training employees;however,this investment does not stretch to retaining their existing talent,as employers instead offer work-life balance perks over monetary
39、 reward.“Many leaders report that their organisation invests in training employees;however,this investment does not stretch to retaining their existing talent”Skills development is used for the benefit of organisations and workers alikeTop five strategies to close the cyber security skills gap1 Upsk
40、illing2 Cross-training3 Recruitment partner4 Hire,train and deploy5 University outreach Top five strategies for cyber security talent retention1 Remote and hybrid working arrangements2 Work-life balance/Wellness offering3 Flexible hours4 Professional development opportunities5 Career growth&progress
41、ionIn addition to hiring,how are organisations retaining existing talent and equipping them with the skills they need?9|Global Cyber Security Report 2023THE HAYS VIEWEdmond Pang Director,Cyber Security,APAC Similar to the global landscape,there is no surprise that cyber threats have increased in the
42、 APAC region given COVID lockdowns being the perfect storm,with some high-profile breaches highlighted in the media.As a result,were seeing countries stepping up with their policies and investment into cyber.For example,Australia has increased penalties for businesses that do not sufficiently protec
43、t customer data,while the Security Of Critical Infrastructure Act(SOCI)has been amended to strengthen the security and resilience of critical infrastructure.New Zealand has updated and finalised the New Zealand Information Security Manual(NZISM)with four policy changes in September 2022.Japan has st
44、epped up on regulatory requirements in industries such as Banking and Insurance,and the Malaysian government has announced increased fundings into the Tech&Cyber security space.Overall,the APAC cyber market will continue to be hot but there are extreme challenges related to the constant war for tale
45、nts.Apart from the typical security roles,we have seen an increased need for talents within GRC,CTi,IAM and Security Forensics across the region,but again a lack of suitable talents within the market.James WalshDirector,Cyber Security,UK&IrelandAs across the rest of the globe,the cyber threat to UK&
46、I organisations has been growing exponentially.There is a battle to combat a variety of threat actors across all sectors and,ever increasingly,a war for talent too.As an industry,we have to look more at bringing in diverse talent pools that offer different skills and approaches to tackle the problem
47、s.A positive from the report is that over 70 per cent of organisations invest in upskilling their cyber professionals.Through our Permanent,Contract,Statement of Work and Hire Train Deploy offering,we are helping organisations to improve their security posture and diversity.Miguel DuranDirector,Cybe
48、r Security,North America I am very excited for this inaugural release of the Hays Global Cyber Security Report.With the ever-growing demand in the market,we at Hays wanted to provide a comprehensive deep dive into the global andregional challenges security leaders face and how key global events have
49、affected the threat landscape,along with how to adapt and overcome ina heightened skill-shortage economy.This,along with our annual salary guide,will be a great tool for cyberleaders to use,and help overcome internal conversations around how to pivot in this fluid state we are currently in.Michael B
50、eaupreHead of Cyber Security Solutions,EMEA&DACHCyber crime tears through our lives like a raging storm and does notdiscriminate.It can devastate any company anywhere.From small localbusinesses to large global enterprises and everything in between.Are we collectively prepared to weather these cyber
51、storms?The majority of employers are struggling to hire top talent and see this gap as a significant risk to their cyber security strategies.We must partner as a community and develop new and innovative ways to attract,train,and retain cyber security talent.Over two-thirds of security leaders polled
52、 around the world are worriedabout their budget,and we must jointly optimise our investments incyber security technology and capability.This means working togetherwith cyber security providers and talent providers on a broad scale andengaging board level leaders to identify the most critical assets
53、in eachcompany.We cant afford to protect everything,and we must prioritisebased on risk,resiliency,and operational relevance.Understanding that we are all in this fight together and the challengeswe face are not unique to our countries or our industries helps us sharesolutions and capabilities acros
54、s boundaries.Cyber criminals know noboundaries,and our responses should harmonise across borders.Hays experts give their thoughts on the findings in our report and what they mean for leaders in 2023.As an industry,we have to look more at bringing in diverse talent pools that offer different skills a
55、nd approaches to tackle the problems.10|Global Cyber Security Report 2023CYBER IN THE SPOTLIGHT VIDEO SERIESDeepayan Chanda Principal Cybersecurity Architect,Lab49 With this constant skills shortage challenge,IT certifications or any kind of education in cyber security do play a valuable role.Howeve
56、r,in order to get the most value out of certifications,people should align these with the career path theyre choosing.I believe that most certifications are not dependent on location.There are multiple things we can do to hire and retain talent.Let the candidate or employee know what the role is all
57、 about there should be no ambiguity in the role definition.Keep an eye on market trends,as compensation does play a huge part in retaining talent on a case-by-case basis.Lastly,and possibly the most important:empower the role itself.People want to see the impact of the work they are doing and,if tha
58、t is not visible,then its really a challenge to keep talent.Watch the full interview here Niamh MuldoonCISO,FenergoAttracting talent is one thing,retaining talent is something different.Its up to a CISO to retain top talent.Its about understanding where people want to go in their career and fuelling
59、 them with the skillset,expertise and experience to get there.People need to know the big picture and understand what they can get in terms of opportunities from their organisation.Were very focused on technology.If you take a step back and look at what information is all about,its confidentiality,i
60、ntegrity and availability of data.The opportunity there is to think about security in a wider context,and not just focus on technology.Watch the full interview here Ron BusharSenior VP and Global Government CTO,MandiantIn the same way that theres a global arms race in cyber,theres a global talent ra
61、ce in the same dimension.Weve recognised that you cant continue to take the approach of,“I only want the best person in cyber intelligence,I only want the best incident response guy in the world etc.”Theres only a few of those,so we have to shift our thinking around how to train and equip the next g
62、eneration.Dont just look at somebodys resume and say,“they dont have 20 years of experience and a degree in cyber security,so theyre no good”.It is so important to embrace diversity,expand your aperture of who youre attracting to come to the organisation and then take the time to train them.I cant t
63、ell you how many candidates come through that you would say dont have the traditional experience,but have been able to come into a role,train with experts in the field and quickly become extremely capable.Watch the full interview here In our YouTube mini-series,we spoke to cyber security leaders wor
64、ldwide to gain insightsinto the way they work,the changes theyre seeing and the challenges they navigate.It is so important to embrace diversity,expand your aperture of who youre attracting to come to the organisation and then take the time to train them.11|Global Cyber Security Report 2023NEXT STEP
65、SConsider unexplored talentAlthough they may not have the experience or complete skillset,there are people out there with the learning mindset to help your business.Broaden your search and think about the relevant skills any recruits would need and which they could build upon with the right training
66、.Similarly,theres talent with the skills youre looking for,but who have so far found it difficult to get on in the world of work.Hays is partnered with neurodiversity experts Genius Within,who assist organisations in bringing in neurodivergent talent.We also focus on developing and training those wh
67、o face barriers in getting into the workplace,such as people from lower socio-economic backgrounds or those living with a disability.Upskill your current talentIts vital that your organisation stays ahead of cyber criminals through continuous learning.Ensure that senior leadership are aware of its i
68、mportance and that your cyber security team are familiar with the latest practices and technologies.At Hays,we provide solutions and resources for upskilling in this area.If youre seeking help around training your workforce,contact us at Find experienced talentAs a lifelong partner to businesses aro
69、und the world,Hays are well placed to find the right solutions to your staffing needs.From identifying existing talent to training those with potential,were working for your tomorrow to help your organisation succeed in the short and long term.If youd like to speak with one of our expert cyber secur
70、ity consultants about your team and its strategy,get in touch today.This report has highlighted that the skills shortage in cyber security is having an impact on organisations defence strategies.With this skills gap posing a problem for many cyber security leaders who are hiring,its important that o
71、rganisations find an effective solution.Here are some recommendations we have for next steps:ABOUT USAt Hays,we invest in lifelong partnerships that empower people and businesses to succeed.We know that in a fast-moving market like tech,its even more important to provide organisations with quick acc
72、ess to top talent who will make a real difference.Weve spent years nurturing an ecosystem of highly engaged and unique candidates,and will work with you to grow or scale your business using our unique expertise aligned to sectors and technologies.Our insights are powered by experience,intelligence a
73、nd data,made possible by our investment in new technologies and systems.A trusted partner to organisations across the globe,whether you need a professional or a whole new team,we can help you plan for tomorrow.Find out more at Copyright Hays plc 2023.The HAYS word,the H devices,HAYS WORKING FOR YOUR TOMORROW and Powering the world of work and associated logos and artwork are trademarks of Hays plc.The H devices are original designs protected by registration in many countries.All rights are reserved.