More than half of UK companies are considering hiring ex-hackers in a bid to get ahead of cyber criminals, according to the latest research from KPMG.
A poll of 300 senior IT and human resources professionals revealed that the inability to find people with the necessary cyber security skills is forcing many companies to consider poachers turned gamekeepers.
According to the poll, 53% of respondents said they would consider using a hacker to bring inside information to their security teams. A similar proportion said they would also consider recruiting an expert even if that person had a previous criminal record.
Nearly three-quarters of respondents said they are facing new cyber security challenges which demand new cyber skills.
For example, 70% admitted their organisation “lacks data protection and privacy expertise” and were doubtful about their organisation’s ability to assess incoming threats.
The majority said the shortfall exists because the skills needed to combat the cyber threat are different to those required for conventional IT security.
In particular, 60% said they were struggling to find cyber experts who can effectively communicate with the business, which they see as vital to ensuring the cyber threat is well understood by corporate leaders outside the IT department.
While 60% claim to have a strategy to deal with any skills gaps, KPMG said the research makes it clear that there is a short supply of people with all the relevant skills.
According to the survey, 57% of respondents said it has become more difficult to retain staff in specialised cyber skills in the past two years.
The same number said the churn rate is higher in cyber security than for IT skills, and 52% said there is aggressive headhunting in this field.
“The increasing awareness of the cyber threat means the majority of UK companies are clear on their strategy for dealing with any skills gaps,” said Serena Gonsalves-Fersch, head of KPMG’s Cyber Security Academy.
“However, they would not hire pickpockets to be security guards, so the fact that companies are considering former hackers as recruits clearly shows how desperate they are to stay ahead of the game,” she said.
But according to Gonsalves-Fersch, there are other options. “Rather than relying on hackers to share their secrets, or throwing money at off-the-shelf programs that quickly become out of date, UK companies need to take stock of their cyber defence capabilities and act on the gaps that are specific to their own security needs,” she said.
Gonsalves-Fersch said that while it is important to have the technical expertise, it is just as important to translate that into the business environment in a language senior management can understand.
The research was released to coincide with the launch of a KPMG cyber awareness programme aimed at improving cyber security at all levels of an organisation.
The programme also includes a bridging course, designed to help IT and business departments understand the language and risks presented by cyber threats.