Plan your next cyber security move

Cyber resilience is a whole of business concern, but even cyber security teams are struggling to keep up.
 
The threat of cyber security breaches is constant, and the damage they can cause is becoming greater. The average cost of a cyber breach to an organisation is more than $270,000, however companies that fail to adequately protect customer data could face fines of $50m or more under a legislation that was introduced in the back half of 2023.
 
The risks cyber security pose are so great that the government is creating new regulations to keep businesses and customer data safe. In 2019, APRA introduced prudential standard CPS 234 Information Security to ensure that financial service and insurance businesses have appropriate measures to be resilient against information security incidents (including cyber attacks) by maintaining appropriate information security capabilities. And they are rigorous in ensuring compliance. In July this year APRA released the results of an independent tripartite cyber assessment, which will eventually cover more than 300 businesses, and the results highlight several concerning gaps.
 
The businesses reviewed failed to meet the standard in six key areas: 
 
  1. Incomplete identification and classification for critical and sensitive information assets. 
  2. Limited assessment of third-party information security capability. 
  3. Inadequate definition and execution of control testing programs.  
  4. Incident response plans not regularly reviewed or tested. 
  5. Limited internal audit review of information security controls.
  6. Inconsistent reporting of material incidents and control weaknesses to APRA in a timely manner. 
This report highlights the fact that organisations are still struggling to equip their cyber security teams with the right capabilities whether through lack of understanding of the requirements or through an inability to secure the skills that are needed in the current tight tech talent market. It also demonstrates that cyber security is a whole of business concern, not just limited to a cyber security team.
 

In demand Cyber Security roles

 
While cyber security needs to be a concern for all employees, there are a number of roles within this team specifically that organisations are currently looking for. These include:
 
  • Operational security (SOC and SIEM) 
  • Cloud Security 
  • SecDevOps and penetration testing skills 
  • Application security
  • Digital forensics and incident response 
  • Security operations and engineers 
  • Security architecture and threat intelligence 
  • Staff and customer identity specialists  
  • IAM platform implementation 
  • Security consulting
While we know these roles are in high demand, the supply of talent to fill these roles is increasingly challenging to find. Our Cyber Security Report found that globally more than 90 per cent of leaders said that the skills gap has affected their ability to implement their cyber security strategy. Additionally our latest Salary Guide: IT Edition found that 21 per cent of employers in the technology industry are looking to increase headcounts in the year ahead, but only 43 per cent of technology workers intend to stay with their current employer. The top factors driving turnover include; a lack of promotional opportunity, an uncompetitive salary, poor management style or workplace culture. What are tech workers looking for? The opportunity to improve their technical skills, a pay rise and the option to work flexibly. 
 
If you want to keep up with changes companies are facing, consider these factors.
 

Plan ahead

Understanding an organisation’s future needs in the technology space can be challenging as the pace of change in this sector is fast. Now, as many businesses have embedded their digital transformations, they are realising the future opportunities that are now available to them. By understanding future recruitment efforts you can stay one step ahead of the game with hiring intentions to meet the demand with your skills.
 

Consider what your resume says about you

As employers struggle to find the right talent, consider what opportunities this might have for your job search. You may be wanting to explore opportunities in new industries or roles. If so, make sure your resume makes it easy for employers to understand the transferable skills you offer.
 

Reflect and retrain

The pace of change in the technology sector is faster than most others, and therefore your skills can become redundant faster than other industries. Technology professionals should be updating their skills with ongoing learning and training.
 
00