Amid a challenging cybersecurity environment and growing IT complexity, the demand for IT and cybersecurity specialists still remains high – and this means security executives are unlikely to be laid off in the event of a security breach.

Kaspersky research shows that, in 2021, less than a fifth of organisations across the META region laid off senior IT staff (15%) – and, while this was slightly higher than compared to 2018 (13%), far fewer senior IT security roles (5%) were laid off in 2021 compared to 2018 (15%) in the META region.

According to the Gartner 2020 Board of Directors Survey, by 2025, 40% of boards will have a dedicated cybersecurity committee overseen by a qualified director.

While cybersecurity risks become the second most critical source of risks for enterprises, behind only regulatory compliance risk, the role and responsibilities of IT security executives are crucial. And, with a continuing skills gap in the market, it should be important for organisations to save experts in their positions.

The Kaspersky research, “IT Security Economics 2021: Managing the trend of growing IT complexity”, reveals that fewer enterprises now fire employees because of data breaches.

The split of employees that could lose their job because of a cybersecurity breach has also changed. In addition to senior IT and IT security roles, C-level executives are now far less likely to be exposed to dismissals too. The decreasing trend is also relevant for non-IT senior staff. As a result, the overall split across IT and non-IT, senior and non-senior roles, became flatter than a few years ago.

The demand for retaining and nurturing expertise is seen, for example, in budget planning: 30% of enterprises report the need to improve the level of specialist security expertise as the top reason to increase their IT security budget. In fact, this is the second most common reason, followed only by increased complexity of IT infrastructure (38%).

Furthermore, by investing in internal specialists, employers are interested in retaining their knowledge within the company so that employees could leverage their skills in future.

“The transfer to remote work and processes has put increased pressure on the information security sector. With cybersecurity jobs in such high demand and skilled professionals in low supply, companies are realising the value of senior security executives and the need to plug the talent gap,” comments Evgeniya Naumova, executive vice-president: corporate business at Kaspersky.

“As digital transformation intensifies, not only does the need for well-trained professionals grow, but the management’s awareness of cybersecurity. Incidents cannot be completely ruled out,” says Sebastian Artz, head of cyber and information Security at Bitkom, Germany´s digital association. “The highest possible level of cybersecurity depends on an adequate strategy, represented by IT security experts. We therefore very much welcome positive trends regarding the appreciation of specialised staff.”

Companies that face the lack of internal expertise are advised to use the following tips to raise the level of their cyber defense:

  • Train internal talent. Provide your IT security team with opportunities for additional education, including participation in expert courses or webinars. Specialists will appreciate a company that cares about their professional development and will be able to apply new knowledge to specific organisational processes.
  • Encourage employees to share practical experiences and work on varied, non-standard tasks. Cybersecurity workers can also augment their expertise by reaching out to industry leaders that could provide unique knowledge to solve advanced challenges.
  • If the lack of resources or expertise has to be solved in the short term, or the existing team is struggling to deal with the increased software security levels and constantly evolving protection technologies, a business can gain help from third-party IT security providers. Managed services from trusted IT security providers combine the most advanced automated tools with professional expert support to ensure timely detection, threat hunting, and remediation.