As we approach 2017, BeecherMadden looks at what may change for cyber jobs next year. What trends in the industry are going to impact those in cyber jobs and their salaries? Plus, we review some of the predictions we made in 2016 and how we did on those!
Hacking of IoT
Connected devices are huge. Dubai wants to have one of the first connected cities, Amsterdam use smart devices for street lighting and Barcelona has used responsive technology for several public services. Hacking these devices is not new but we predict there will be a big upswing through 2017. There are more connected devices than ever before and it is becoming more mainstream. From heating, to doorbells, burglar alarms and kitchen devices it will not be long before most homes have some sort of device. And it isn’t just homes. The end of 2016 has seen an attack on 5 Russian banks, accessed via a connected device. As more devices are breached and leveraged for bigger gains, IoT providers will need to improve their security and we expect to see more cyber jobs in this area.
Reports suggest 90% of companies do not understand what GDPR is and the risks of it. With the risk of a fine of £20 million or 4% of turnover, cyber doomsday is finally here. Up to 75000 data protection officer jobs are expected to be created. GDPR means that companies will sit up and take notice, if they hadn’t already. This will be the buzzword of 2017 and will create the driving force behind a number of new hires.
With state hacking coming into the public consciousness, it has never been more important to secure our CNI against cyber attacks. Roles in this area have traditionally been under-resourced, although we do have strong security and risk management. It may be in 2017, that the public and the press start to call for assurances that our CNI is secure. We may see more jobs in this area and an increase in cyber jobs here internationally.
Salaries increase as international moves dip
Brexit has reduced the interest in international candidates moving to the UK. The cyber jobs skills shortage in the UK (and globally) is well covered, and we have to attract certain skills from other countries in order to fill these vacancies. Many companies will offer sponsorship and are open to these international candidates. However, if these candidates are more reluctant to move here, wage growth will increase, as demand slows.
Cyber insurance is now fully established and insurers are moving into the small and medium business space. The acquisition of Stroz Friedberg by Aon shows that insurers are making a real play for the cyber market. There will be an increase of cyber jobs in this industry, from brokers, to consultants, forensic investigators and internal consultants also.
$1 million basics
It looks like $1 million basic salaried jobs are already here in the US. The UK has some way to go before reaching this level, with only a handful of CISO’s even getting close. What we expect in 2017, is that salaries at the $1 million level, will become more common as companies, typically in financial services, compete for the best talent. It will also become a badge of honour, as they strive to show the strength of their cyber defences.
Regulation for professionals
It is possible that regulators will turn their attention to the qualifications of those in charge of cyber security, or in cyber jobs in general. There is talk of this in the US and the Swift hack that affected many organisations will surely only increase regulator interest. It may be later in 2017, but talk about giving the CISO job the same responsibilities as a CF10 or CF11 job is likely to increase. CISO’s are also talking about formalising and elevating their position within businesses and with that, may come increased responsibility. Talk of a mandatory qualification has long been out there, and while largely disregarded, it does not mean that regulators will not take interest across all industries.
We predict an increase in M&A activity for cyber vendors in 2017. 2016 saw a number of high profile acquisitions such as Darktrace and Stroz Friedberg. Funding is getting harder to raise and the market has gone through some significant shifts in 2016. As those start-ups who have now scaled look to realise their company value, many will sell. Those who want to scale may merge with larger firms who can increase their client base. The larger organisations have not had the success in cyber security products that we have seen from smaller innovators. They will now buy these companies to bolster their own brands. Those in cyber security sales jobs, will be looking for job security and strong products to take to market, as well as good remuneration.
How did our predictions fair in 2016?
Consolidation in the vendor space – we predicted this at the start of 2016 and saw a number of companies sell, merge, or fall off the radar. Finance was indeed harder to come by in 2016 and this impacted the number of vendors in the market. As part of this we also said SIEM and APT would increase and SIEM jobs have been one of the most in demand for 2016.
Cyber policy hits board level – We said 2016 may be the year of the CISO. While it wasn’t quite at the level we predicted, cyber security definitely hit the board agenda and we saw an increase in the amount of CISO’s reporting to the board, or 1 below from 2015. We have seen CISO jobs pop up in several organisations but what hasn’t been clear in 2016 is what a CISO should be doing. The job description is so broad, it has been clear that companies are not quite clear on what they need. Perhaps increased board interest in 2017 will change this.