A slew of high-profile hacks on firms like TalkTalk, Sony, and JD Wetherspoon have stoked tensions among companies and the public over cyber crime.
Demand for engineers has long been white hot, according to (ISC)2, the security certification and industry body. But the need for managers who can bridge the executive suite with technologists is increasingly high. And demand is set to outstrip supply.
“There is an insufficient amount of expertise in this area,” says Tad Oelstrom, a cyber security expert at Harvard University, who teaches a $7,600 course on the topic, which attracts chief information officers and other board-level executives.
Cyber security Job adverts in the US took 14% longer to fill than the average for all jobs, according to Burning Glass, a recruitment technology firm, making it hotter than even data science.
“There’s huge demand,” says Stuart Madnick, professor of information technology and director of (IC)3, MIT Sloan’s cyber security initiative.
He says that banks like HSBC collectively have openings for hundreds of cyber security professionals. “They not only need people at junior levels; they need people in decision making roles that understand the consequences of cyber attacks. That expertise is lacking,” Stuart says.
The Global Information Security Workforce Study estimates that the global cyber security workforce shortage will widen to 1.5 million people by 2020.
“Many of these opportunities are for technological experts, but we shouldn’t forget that many are for knowledgeable managers,” says Jason Ferdinand, director of Coventry University Business School’s cyber security MBA.
He says there are “huge opportunities for MBAs in the security, threat intelligence, and penetration testing industries”.
Such is demand for experts in this area that top cyber security professionals are being paid more than £10,000 a day, according to recruitment firm Manpower. In the UK, salaries have increased 16% for cyber security consultants.
“There’s such demand that graduates do fare well,” says Jean-Pierre Auffret, director of the MSc in Secure Information Systems at George Mason University.
Consultancy is one route for management jobs related to cyber security, say industry experts.
“The main job market is within consulting companies,” says Bertrand Monnet, chair for criminal risk management at EDHEC Business School, who highlights the “Big Four” of KPMG, PwC, Deloitte and EY.
“They have to mix pure forensic IT people and pure strategy consultants. There is a real job market, not only for IT engineers, but in addition for people graduating from highly-ranked MBA programs,” he says.
Consulting firms have expanded rapidly into big data and many are now offering cyber security services out of their analytics practices.
“Today’s best network protection devices alone are not enough to challenge the new reality of cyber security,” says Vikram Desai, security lead at Accenture Analytics. “Attackers continue to evolve by leveraging data technology, and clients have urged us….To help them fight back.”
Spend on digital technology consulting services has ballooned by 7.7% in the UK, according to Source Global Research.
“We want the convenience of accessing data on any device at any time,” says Shawn Mankad, assistant professor of information management at Cornell University. “But this raises a lot of security challenges.”
The Center for Strategic and International Studies estimates that cyber crime costs the global economy $575 billion a year.
Yet Bill DeLone, executive director of the Kogod Cybersecurity Governance Center, says most firms “wrongly believe that they are not targets and they are therefore unconcerned”.
“It is a big and growing problem — it’s growing dramatically — and the criminals are out-running this, without a doubt,” says David Upton, fellow at the Global Cyber Security Capacity Center at Oxford University, and professor of operations management at its Saïd Business School.
As a result, there is a huge shortage of talent, he says. “There will be an increasing number of people who are expected to coordinate cyber security across the organization who aren’t simply sitting in IT — they are general managers.”
Business schools have sought to bring the topic into their programs as business becomes increasingly concerned by the threat of online attacks.
“Information security is a concern that will apply to all businesses,” says Peter Swire, a professor at Georgia Tech’s Scheller College of Business, one of the first to offer a program. “And managers increasingly need to have at least a basic grasp of how cyber security works.”