Why Cutting Cybersecurity Jobs Is Shortsighted

Could your company survive if it were taken offline for an entire week? What would the repercussions be, and how much would it cost to recover? Trading group Ion found out first-hand last month, when a ransomware attack caused huge disruptions to its customers, which included some of the world’s largest banks.

Financial leaders know the threat of cyberattack is ever-present and ever-growing. As the Bank of England reported late last year, cybersecurity is the number one risk for financial institutions. A rise in ransomware hacks driven by remote working and a surge of DDoS attacks linked to the Russian war on Ukraine have both contributed to an increasingly threatening cyber landscape.

However, as cyber complexity rises, we also see a trend of “brutal” job cuts across the sector, threatening vital roles in already-stretched cybersecurity teams. Cost-cutting is being cited as the driver behind a growing number of security leaders and engineers being cut from headcounts. 

This is a stark turnaround from previous years’ trends which saw organisations struggling to hire the required cybersecurity skills, leading to a vast leap in cyber salaries.

In our turbulent economic climate, it might be tempting, therefore, to see cybersecurity as an area ripe for trimming. As Joseph Thomssen, a senior cybersecurity recruiter at NinjaJobs, recently told SecurityWeek, “Many of these layoffs in cybersecurity seem to be short-term attempts to save money.” 

This is a very dangerous tactic. Firstly, firing staff in the short term will make re-hiring much harder. An employer’s reputation is easily damaged, especially within cybersecurity, which is a close community. In the UK, where there is a severe cyber skills gap, fire and rehire is not a viable option, and the problem has been compounded by news of the closure of programs such as the Tech Nation visa scheme, which supported overseas talent to bolster the UK’s cybersecurity workforce. Fire now, regret later.

Squeezed Security Teams Could Set Companies Up For Failure 

Cyber teams are already struggling, and as cuts are made, the remaining team is left to pick up the slack - doing even more with even less. As uncovered by the Information Systems Security Association (ISSA), over half of organisations are being impacted by a lack of cybersecurity skills, with the result being an excessive workload for existing talent. Nearly four in ten cybersecurity professionals say they have experienced burnout due to the pressures of increasing risks and lack of support. When teams are understaffed and burnt out, cyber risk only increases, which can have devastating consequences for individuals and organisations alike. 

In the face of expanding threats, rather than shrinking cyber teams, financial organisations should consider investment in strategies and tools to support them. For example, working with managed security partners can remove the burden of identifying and mitigating risk and reduce the attack surface, securing data, applications, systems, and devices at all times. With real-time threat intelligence utilising AI and ML, such partners free in-house cybersecurity teams to focus on supporting broader, strategic initiatives. As such, an MSP provides scalable security options based on organisational requirements and the cyber teams' size, skillset and important strategic drivers.

For example, while cyber risk is rising, financial organisations are also undertaking rapid digital transformation, from online trading to mobile banking, digital currencies and app proliferation. Increasing cloud adoption and integration of SaaS offerings move critical business assets outside of the traditional network perimeter. According to ISSA, those making this shift to the cloud find it even more challenging; 39% of organisations struggle to fill cloud computing security roles.

While digital transformation has countless benefits for businesses, we must remain conscious of the cyber risks associated with cloud adoption. 

With financial institutions a prime target for malicious actors, cybersecurity is now a core driver for the sector, but beyond that, it is also fundamental to supporting innovation. With increasing regulatory requirements and soaring customer expectations, transformation and innovation must be built on a secure base.

As Candy Alexander, board president of ISSA International, warns, “Cybersecurity is seen as a cost centre to the business -- something you have to do, but only to a minimal degree, like paying the light bill. We need to shift the conversation to aligning our security programs with the business.”

Rather than making short-term cuts and regretting it down the line, business leaders should look at smarter investments to strengthen existing security. This means enhancing teams and supporting them to function at their full potential.

Dan Davies is CTO at Maintel
