The Guardian reported that UK firms were paying cyber security experts £10,000 a day to protect them against cyber threats and sophisticated hackers. This was according to a survey by recruiter Manpower, which has seen a fourfold rise over the last year in requests from employers for cyber security experts.
In reality, however, this level of fees would not be the normal rate paid. Possibly it could apply in rarer cases, such as a response to a major breach, and would comprise fees paid to consultancy firms, not individuals, for this type of short-term contract. Responding to a cyber attack is going to be an expensive option; planned preventative measures are not. There are some inexpensive preventative measures that can be implemented that cost as little as £300.
The survey was from 2012 UK employers and asked them whether they intend to hire additional workers or reduce the size of their workforce in the coming quarter. Many UK companies are investing more in securing their systems and will require additional resource.
Speaking to the Guardian, Mark Cahill, UK managing director of Manpower, said:
“There are millions of cyber-attacks every day with a total cost to the global economy of up to $575bn (£381bn) a year.
“Companies are having to invest heavily to protect themselves and they now believe that cyber breaches are inevitable, with their focus moving to responding to attacks rather than just prevention.
“Some individuals can command daily rates in excess of £3,000, and some top cybersecurity specialists can even earn five-figure sums daily. With the potential risk to companies so significant and no signs of demand falling, those sky-high salaries look set to continue.”
In SC Magazine, Steve Armstrong, certified instructor at the SANS Institute, said:
“The problem with these types of surveys is that it results in allegations of security professionals and more likely recruitment staff that take a hefty percentage of the fees. Additionally, we see people rushing to the market with minimal experience, poor skills and limited analytical ability. The organisations that employ those that follow the money get a false sense of security as not everything that is expensive is actually the best.”
The increased cyber threat is being highlighted continually by the government, police and media, and is becoming a priority for boardroom agendas. Interestingly, though, some of these attacks were not sophisticated; some were carried out by teenagers simply for entertainment value! Though the focus may be moving towards responding to attacks rather than just prevention, all companies should implement preventative measures as a first step.
Implementing Cyber Essentials or Cyber Essentials Plus is a minimum preventative measure which costs from only £300 and helps guard against 80% of the most common cyber threats. Cyber Essentials is a self-assessment questionnaire which is verified by cyber security experts, such as Securious, a Cyber Essentials Certification body, and should be a first step for all companies to show that they are taking cyber threats seriously. It may not protect against the most sophisticated targeted attacks, but it is a basic standard whose requirements many companies have yet to meet.
Customers need to be able to identify clearly what security measures have been taken by the organisations entrusted with their private data. Displaying at least the Cyber Essentials certification mark on your company’s website, or showing that you are compliant with a global information security management standard such as ISO27001, or with PCI DSS if you process credit card data, shows that you are serious about protecting customer information and your organisation against cyber threats.
To avoid employing people with ‘minimal experience, poor skills and limited analytical ability’, ensure that you check the credentials of the cyber security expert that you employ and look for industry qualifications such as CISSP, CEH, ISO 27001 and PCI QSA.