Cyber Security Talent Gap in Asia

In line with our global edition published in April 2020, Steve Lam used secondary data analysis and interviews with hiring managers to examine two separate issues: 1) the impact of COVID-19 on cybercrime and 2) the omnipresence of a cyber talent gap in Asia. He will conclude with a short list of talent strategies to curb the talent gap.

Growing Cyber Awareness Prior to the Pandemic in Asia:

We have identified Cyber Security & Privacy as one of the primary interests for enterprises due to the recent surge in cyberattacks within Asia Pacific. The Cyber Security Agency (CSA) reported a surge of 51.7% in the number of reported cybercrime cases between 2018 and 2019. In fact, APAC now holds the biggest slice of cybercrime relative to other continents.

Thus, it is no coincidence that we have noticed a rise in demand for cyber talent, services and solutioning regionally. Gartner noted that cyber budgets were raised by 10.5%, in comparison to 0.4% for overall technology budgets, in 2018-2019. These statistics demonstrate greater awareness among executives of the severity of cyber incidents as they make conclusive financial and budget decisions. A noticeable sum of the cyber budget will be allocated to cyber consulting services in the ASEAN region due to the lack of cyber awareness and maturity. In Asia, there was a spike in cyber spending of 94.7% back in 2016, as reported by Telstra.

To tap into this demand, global management consulting firms have been populating and identifying the digital challenges and risks found with their clients.

The Impact of COVID-19 on Cyber Crime:
In a monthly threat report, NTT Ltd announced a surge in vulnerabilities and cyber-attacks arising from the new norms we are growing accustomed to. While several sources agree that cybercrime has intensified during the pandemic, our findings sketch the underlying factors.

As reported on CNA (17 Jun 2020), the worst-impacted industry is healthcare. This is hardly surprising given that breaches stem largely from the burgeoning of data collection. It was reported that the use of smart technology to meet the rise in demand for healthcare services has led to a 200-fold increase in phishing attacks that make use of keywords such as “masks” and “sanitizer” to trigger clicks. The biggest victim reported was the World Health Organization, where malware was injected into a fake application carrying its branding.

Outside of healthcare, there is evidently another interesting cause of this phenomenon. The airborne nature of the virus has resulted in the closure of brick-and-mortar shops, increasing the reliance on online purchases and payments. To quote LexisNexis Risk Solution Director Rebekah Moody:

“The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation.” - CYBERSECasia September 2020

With consumers predominantly using online payment after this adjustment, payment service providers become more vulnerable. For example, cyber attackers can program stolen consumer credit card data into a counterfeit physical card for financial gain, as reported by Deloitte. Other sources have reported different motivations and methodologies for cybercrime in the e-commerce sector, which is alarming.

Finally, another paramount factor is employees' reliance on telecommuting due to compulsory work-from-home policies. While the severity of the pandemic has dwindled in countries such as Singapore and Vietnam, telecommuting has not. This imposes a new challenge on organizations’ cyber teams, especially in global corporations. Cyber teams might need to re-evaluate the loopholes created by thousands of employees using less secure equipment at home.

Rick McElroy, cyber security strategist at VMware Carbon Black, observed that:

“32 per cent of Singaporean respondents say the inability to implement MFA is the biggest threat to business resilience they are facing right now.” - ChannelAsia July 2020

Gaps in Talent Security:
With our background and research in Management Consulting, we have noticed a rise in hires for different projects relating to Security & Risk Assessment, Information Security and Data Privacy & Protection for management consulting across ASEAN. Cyber projects require qualified resources before delivery can be executed.

The gap in cyber talent relative to the surge in the severity of cybercrime has been widely studied. An ISACA study “found that 57 percent of organizations had an open position, and a majority couldn’t find suitable candidates even after waiting for months — sometimes as much as six months.” Our consulting clients have reached out to us, stating that they have had leadership roles vacant for up to 6 months.

This is probably not a rare scenario for most talent consulting firms, where cyber talent has traditionally been one of the trickiest to source in Asia. For example, we have noticed that Management Consulting firms in Thailand are willing to pay north of 300,000 THB for management roles, which is higher relative to non-cyber roles of similar seniority.

Cyber Talent-Scape:
With statistics demonstrating a combination of i) a surge in cybercrime during the pandemic and ii) an improving but prominent talent gap in Asia, the inevitable result is the birth of another phenomenon: undesirable competition for crème-de-la-crème cyber talent.

As reported by River Partnership in April 2020, some CISOs have told River that they are opting for a smaller overall number of hires that are more strategic in nature. Others have opted for interim solutions made up of contract professionals, enhanced workforce models or hiring via consulting or advisory firms.

However, this just means that the demand for cyber talent will shift to consulting firms and service providers. One noticeable pain point is that there is a huge market for cyber consulting practices to have a presence in Asia, but it is costly to hire cyber security specialists. With a sample size of 78 candidates in Singapore, it was noticed that the average expected salary is 23%. That is simply because these candidates have been receiving similar offers elsewhere.

Food for thought: What can you do better to increase your hiring success rate and reduce the cost of hiring simultaneously?

Are 'They' Still Hiring?
We have received common enquiries from passive and active candidates and clients about recruitment activities during the pandemic. The main concern is budget cuts at organizations.
In line with our Global findings, our Asia team has noticed a similar trend from our own ground discussions.

River's survey of Directors and CISOs from August to October 2020 suggested that hiring, albeit muted, would continue. More than 60% of those polled had live searches and 58% expect to commission searches in the next 2 months.

Leading firms are telling us they will continue to strengthen their teams, albeit with restricted budgets.

We all face considerable financial challenges over the next few weeks and months, and there will be a reduction in spending in some areas to protect overall business interests. How will you invest your cyber budget?

What Can You Do?
  • Engage with HR Business Partners and plan for digital hiring and onboarding
  • Roll out a campus recruitment program for an inflow of cyber talent
  • Consider interim or consulting expertise to introduce accurate security profiles
  • Map out the market to understand statistics and movement trends
