Cyber Security is becoming increasingly important as more and more businesses collect increasing amounts of sensitive data about their customers and staff. The media has covered many high profile cyber-attacks in recent years highlighting the lack of corporate strategies for Cyber Security at all levels.
In addition, companies are being tasked to respond to the new General Data Protection Regulations (GDPR) that will be coming into effect in May 2018, which will allow fines of up to 4% annual turnover, if a company is found to not have sufficient active information security risk and contingency plans in place to protect their personal data.
Within this context, Cyber Security skills, which allow companies to put in place fit for purpose and value for money security processes, have become more in demand. Even specialist companies are struggling to keep abreast with the growing Cyber Security skill demand, meaning that salaries for people skilled in Information Security Management Systems (ISMS) rise as the shortage continues.
There’s no question that Cyber Security professionals are sought after. But are we better off hiring and training our own talent or is it more efficient to contract out? Obviously there are pros and cons to each approach, here we consider these in more detail:
Basic Security Knowledge is Lacking Amongst Many Employees
Firstly, every task that an employee completes, as soon as they are on the company system or are handed a laptop or mobile phone, can cause a breach in security. The growing risk of attacks is not new, yet still employees lack even the most basic knowledge of how to prevent attacks and what to do when one occurs. In order to work within the new regulations, many companies will have to start by going back to the basics, the core, to HR and the methods by which staff work.
By bringing your Cyber Security in-house, with a strategy carried out by your own IT team, who are trained to your company’s specific needs, reporting to senior management on a regular basis, you are in a better position to embed a safe Cyber Security structure and culture into the working life of your company.
Companies Are Breaching Their Own Security Without Realising
Secondly, outsourcing many different company functions such as HR or finance, as well as freelancers who work within core teams is becoming increasingly popular. This means that companies are passing sensitive data on to third parties and therefore causing a breach of security that possibly no-one within the company is aware of.
An in-house Cyber Security team or member of staff who is integral to the company and who knows your company inside out is more likely to pick-up on this potential risk rather than an external provider who is not part of your team and does not have day-to-day communication with different departments. Again, this is crucial for not just GDPR compliance but also to protect your company from external cyber-attacks.
Cyber Security Is Not a One-Off Task
Outsourcing can prove to be a cost-effective solution in situations where companies need a specific skillset in order to overcome particular problems or carry out certain tasks. External companies command a much higher hourly rate than an in-house member of staff, but if it is for a ‘one-off’ function then it is cheaper for that company to invest in one-off external help as opposed to investing in a range of skills and software which they are unlikely to use again.
That said; Cyber Security now and in the future is not a ‘one-off’ and occasional task. Cyber Security strategies need to stand at the centre of a company. Senior managers and board members need to understand how Cyber Security sits within their company risk register and how it needs to be embedded into both existing and new products and services.
To do this, organisations need someone on the case who has all the knowledge of the company, who is trustworthy, affordable and available. An in-house member of staff who has all of the above plus a greater personal investment in the company is best placed to deliver this. Every company is unique of course and usually a sensible option is a combination of both.
At ELATT, we can help to find you the ideal Apprentice in Cyber Security to ensure your business remains safe and secure when it matters most. For more information, Contact us today.