More than half of UK companies are considering hiring ex-hackers in a bid to get ahead of cyber criminals, according to the latest research from KPMG.
A poll of 300 senior IT and human resources professionals revealed that the inability to find people with the necessary cyber security skills is forcing many companies to consider poachers turned gamekeepers.
According to the poll, 53% of respondents said they would consider using a hacker to bring inside information to their security teams. A similar proportion said they would also consider recruiting an expert even if that person had a previous criminal record.
Nearly three-quarters of respondents said they are facing new cyber security challenges which demand new cyber skills.
For example, 70% admitted their organisation “lacks data protection and privacy expertise” and were doubtful about their organisation’s ability to assess incoming threats.
The majority said the shortfall exists because the skills needed to combat the cyber threat are different to those required for conventional IT security.
In particular, 60% said they were struggling to find cyber experts who can effectively communicate with the business, which they see as vital to ensuring the cyber threat is well understood by corporate leaders outside the IT department.
While 60% claim to have a strategy to deal with any skills gaps, KPMG said the research makes it clear that there is a short supply of people with all the relevant skills.
According to the survey, 57% of respondents said it has become more difficult to retain staff in specialised cyber skills in the past two years.
The same number said the churn rate is higher in cyber security than for IT skills, and 52% said there is aggressive headhunting in this field.
“The increasing awareness of the cyber threat means the majority of UK companies are clear on their strategy for dealing with any skills gaps,” said Serena Gonsalves-Fersch, head of KPMG’s Cyber Security Academy.
“However, they would not hire pickpockets to be security guards, so the fact that companies are considering former hackers as recruits clearly shows how desperate they are to stay ahead of the game,” she said.
But according to Gonsalves-Fersch, there are other options. “Rather than relying on hackers to share their secrets, or throwing money at off-the-shelf programs that quickly become out of date, UK companies need to take stock of their cyber defence capabilities and act on the gaps that are specific to their own security needs,” she said.
Gonsalves-Fersch said that while it is important to have the technical expertise, it is just as important to translate that into the business environment in a language senior management can understand.
The research was released to coincide with the launch of a KPMG cyber awareness programme aimed at improving cyber security at all levels of an organisation.
The programme also includes a bridging course, designed to help IT and business departments understand the language and risks presented by cyber threats.
The Department for Business, Innovation and Skills (BIS) said that ensuring UK companies have the skills in their workforce to combat cyber-crime is essential to make the UK one of the safest places to do business online, and forms a core part of the government’s £860m National Cyber Security Strategy.
“We are working in partnership with industry and academia to improve cyber security skills at all levels, including developing guidance and training for businesses so they can deal with cyber threats to their information and services,” a BIS spokesman said in a statement.
This includes increasing cyber skills training in the UK education system, providing tailored training for members of business and the general public, and publishing guidance on how companies can develop effective strategies to counter online threats to their business.
“Our work with the Cyber Security Challenge and Tech Partnership not only ensures cyber security is part of what is learned at school, but also helps raise awareness of cyber security as an exciting, rewarding and legitimate career prospect,” the BIS spokesman said.