The attitude towards hackers might have to change if they are to keep one step ahead of cyber attacks with more employers showing a willingness to employ someone with a criminal record.
The idea of using the skills of people that were once on the wrong side of the law is one that is taking hold in a rising number of companies, according to findings from KPMG.
The firm found that over half of UK firms would consider hiring a hacker or someone with a criminal record in order to improve their own defences and stay ahead of the criminals.
The reason why many would recruit former criminals is because the overwhelming number (74%) recognise there is a growing cyber threat and they are struggling, in the cases of 57%, to get hold of specialised staff and then keep them.
The result is that many firms are being forced to think differently about acquiring cyber skills if they hope to keep on top of data protection. Many have a strategy for making sure they get hold of the skills they need but in the short-term the pressure is on to improve the current defences.
“The increasing awareness of the cyber threat means the majority of UK companies are clear on their strategy for dealing with any skills gaps. However, they wouldn’t hire pickpockets to be security guards, so the fact that companies are considering former hackers as recruits clearly shows how desperate they are to stay ahead of the game. With such an unwise choice on the menu, it’s encouraging to see other options on the table," said Serena Gonsalves-Fersch, head of KPMG’s Cyber Security Academy.
“Rather than relying on hackers to share their secrets, or throwing money at off the shelf programmes that quickly become out of date, UK companies need to take stock of their cyber defence capabilities and act on the gaps that are specific to their own security needs. It is important to have the technical expertise, but it is just as important to translate that into the business environment in a language the senior management can understand and respond to," she added.
KPMG is hoping that it can highlight the research to encourage C level executives to think more seriously about improving cyber security skills.