Why Cutting Cybersecurity Jobs Is Shortsighted

Could your company survive if it was taken offline for an entire week? What would be the repercussions and how much would it cost to recover? Trading group Ion found out last month when they had to experience this first-hand after a ransomware attack caused huge disruptions to customers, which included some of the world’s largest banks. 

Financial leaders know the threat of cyberattack is ever-present and ever-growing. As the Bank of England reported late last year, cybersecurity is the number one risk for financial institutions. The impact of remote working has led to a rise in ransomware hacks, while a surge of DDoS attacks linked to the Russian war on Ukraine has all contributed to an increasingly threatening cyber landscape. 

However, as cyber complexity rises, we also see a trend of “brutal” job cuts across the sector, threatening vital roles in already-stretched cybersecurity teams. Cost-cutting is being cited as the driver behind a growing number of security leaders and engineers being cut from headcounts. 

This is a stark turnaround from previous years’ trends which saw organisations struggling to hire the required cybersecurity skills, leading to a vast leap in cyber salaries.

In our turbulent economic climate, it might be tempting, therefore, to see cybersecurity as an area ripe for trimming. As Joseph Thomssen, a senior cybersecurity recruiter at NinjaJobs, recently told SecurityWeek, “Many of these layoffs in cybersecurity seem to be short-term attempts to save money.” 

This is a very dangerous tactic. Firstly, firing staff in the short term will make re-hiring much harder. Reputation as an employer is damaged easily, especially within cybersecurity which is a close community. In the UK, where there is a severe cyber skills gap, fire and rehire is not a viable option and this has been compounded by news of the closure of programs such as the Tech Nation visa scheme, which supported overseas talent to bolster the UK’s cybersecurity workforce. Fire now, regret later. 

Squeezed Security Teams Could Set Companies Up For Failure 

Cyber teams are already struggling, and as cuts are made, the remaining team is left to pick up the slack - doing even more with even less. As uncovered by the Information Systems Security Association (ISSA), over half of organisations are being impacted by a lack of cybersecurity skills, with the result being an excessive workload for existing talent. Nearly four in ten cybersecurity professionals say they have experienced burnout due to the pressures of increasing risks and lack of support. When teams are understaffed and burnt out, cyber risk only increases, which can have devastating consequences for individuals and organisations alike. 

In the face of expanding threats, rather than shrinking cyber teams, financial organisations should consider investment in strategies and tools to support them. For example, working with managed security partners can remove the burden of identifying and mitigating risk and reduce the attack surface, securing data, applications, systems, and devices at all times. With real-time threat intelligence utilising AI and ML, such partners free in-house cybersecurity teams to focus on supporting broader, strategic initiatives. As such, an MSP provides scalable security options based on organisational requirements and the cyber teams' size, skillset and important strategic drivers.

For example, while cyber risk is rising, financial organisations are also undertaking rapid digital transformation, from online trading to mobile banking, digital currencies and app proliferation.  Increasing cloud adoption and integration of SaaS offerings moves critical business assets outside of the traditional network perimeter. According to ISSA, those making this shift to the cloud find it even more challenging; 39% of organisations struggle to fill cloud computing security roles.

While digital transformation has countless benefits for businesses, we must remain conscious of the cyber risks associated with cloud adoption. 

With financial institutions a prime target for malicious actors, cybersecurity is now a core driver for financial institutions, but beyond that, it is also fundamental to supporting innovation. 
With increasing regulatory requirements and soaring customer expectations, the need for transformation and innovation to be built on a secure base is fundamental.

As Candy Alexander, board president of ISSA International, warns, “Cybersecurity is seen as a cost centre to the business -- something you have to do, but only to a minimal degree, like paying the light bill. We need to shift the conversation to aligning our security programs with the business." 

Rather than making short-term cuts and regretting it down the line, business leaders should look at smarter investments to strengthen existing security. This means enhancing teams and supporting them to function at their full potential.

Dan Davies is CTO at Maintel

You Might Also Read: 

Cyber Security Is The CEO’s Biggest Problem:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« British Cyber Security - New Threats Call For Action
Deepfakes Are Making Business Email Compromise Worse »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSIRT.CZ

CSIRT.CZ

CSIRT.CZ is the National Computer Security Incident Response Team of the Czech Republic.

Cyber Exec

Cyber Exec

Cyber Exec is an executive search firm dedicated to global talent acquisition in Cyber Security, Information Technology, Defense...

ComCode

ComCode

ComCode provides consulting services and solutions in the area of digitization and cyber security for mid-sized and big businesses.

Dragos

Dragos

Dragos has built the first industrial cybersecurity ecosystem, the ultimate security defense.

Executive Women's Forum (EWF)

Executive Women's Forum (EWF)

The Executive Women's Forum is the largest member organization serving emerging leaders and influential female executives in the Information Security, Risk Management and Privacy industries.

Cycura

Cycura

Cycura provide advanced, customized, and confidential cyber security services, cyber investigation services, and digital forensic services to governments, companies, and organizations.

AAROH

AAROH

AAROH helps customers in Government, Law Enforcement, and Enterprises to identify, prevent, detect, resolve and protect from threats, crimes, breaches & fraud.

Xilinx

Xilinx

Xilinx is the inventor of the FPGA, programmable SoCs, and now, the ACAP. We are building the Adaptable, Intelligent World.

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.

Cybertronium

Cybertronium

Cybertronium is a leader in managing cyber risk. We bring you the latest from the complex, ever-evolving online threat environment with the insights to inspire and the expertise to act.

Scybers

Scybers

Scybers are a global cybersecurity advisory and managed services company. With our deep expertise, we help our clients reduce their cyber risks with confidence.

NASK

NASK

NASK is a National Research Institute under the supervision of the Chancellery of the Prime Minister of Poland. Our key activities involve ensuring security online.

Interactive

Interactive

Interactive are a leading Australian IT service provider with services in Cloud, Cyber Security, Data Centres, Business Continuity, Hardware Maintenance, Digital Workplace, and Networks.

Safe Decision

Safe Decision

Safe Decision is an information technology company offering Cyber Security, Network, and Infrastructure Services and Solutions.

SecureClaw

SecureClaw

SecureClaw offers specialized cybersecurity consultation, various products, and a range of services to meet your company's business domain needs.

MyTurn Career LLC

MyTurn Career LLC

Looking for a rewarding career in cybersecurity? Explore a wide range of cybersecurity jobs and opportunities in this rapidly evolving field.