UK business least likely to offer rewards to infosec professionals
UK firms need to rethink incentives to attract and retain people with cyber security skills, according to the findings of a recent global study.
UK businesses are currently the least likely to offer incentives to cyber security staff to reward them for their performance and efforts, a global report reveals.
Some 42% of UK organisations – the highest proportion globally – do not have incentives for information security professionals, according to the report by Intel Security and the Center for Strategic and International Studies (CSIS).
The report, which polled 800 infosec pros, examines the difference between the incentives available to IT professionals who defend against cyber attacks and the incentives for attackers.
The report suggests UK businesses can learn more from the incentives on offer to attackers, and can use this knowledge to attract, motivate and retain information security professionals more effectively.
Attracting and retaining people with cyber security skills is challenging for most companies in the face of a worldwide shortage, with 1.8 million information security-related roles expected to remain unfilled worldwide by 2022, according to the latest Global Information Security Workforce Study from (ISC)².
“Misaligned incentives between attackers and defenders mean that the decentralised market in which cyber criminals operate makes them adapt and innovate faster and more efficiently than defenders, whose incentives are shaped by bureaucracies and top-down decision making,” said the report.
According to the report’s authors, this means companies and governments will need to rethink how they measure, reward and incentivise those working in cyber defence.
“The cyber crime market is efficient, and the incentives for cybercriminals are clear and compelling,” said the report. “The same is not true for defenders. Criminals flourish in this market, but most defenders work in bureaucracies. In most companies, cyber security is the responsibility of a diverse range of groups and individuals using different (and sometimes conflicting) metrics for success.
“Incentives are not only misaligned between attackers and defenders, but also in companies.” This indicates the need for a cultural shift in the way defenders are recognised and rewarded.
© Source: http://www.computerweekly.com/news/450415576/UK-business-least-likely-to-offer-rewards-to-infosec-professionals