- In 2016 alone, the FBI received more than 2,600 complaints about ransomware.
- In 2015, there were over 112 million healthcare data breaches.
- According to Cisco, the number of so-called distributed denial-of-service (DDoS) attacks – assaults that flood a system’s servers with junk web traffic – jumped globally by 172 percent in 2016. Cisco projects the total to grow by another two and a half times to 3.1 million attacks by 2021.
The Real Cost of Cyber CrimeTo understand the magnitude of cyber crime, it helps to look at the costs. According to FBI statistics, hackers extorted businesses and institutions for more than $209 million in ransomware payments in just the first three months of 2016. And that number was way up from the 2015 figure of $24 million. In 2017, we witnessed ransomware attacks in the billions. The WannaCry outbreak, for example, affected computers in more than 150 countries and by some estimates could cost as much as $4 billion. But there are additional costs to the victimized business or individual beyond just the money hackers steal. Cisco explains in its 2017 Annual Cybersecurity Report that there are opportunity costs and customers lost that cause significant damage. Cyber attacks can also affect a business’ valuation. Michael Bittan, head of Deloitte’s Cyber Risk Services unit in France, told Bloomberg:
"There’s a risk you’re buying an empty shell, overpaying for a target whose patents have been spied on and copycatted, or whose sensitive customer data has been stolen. Cyber security is not about getting technical, it’s about business impact, and ultimately valuations. It will become a pillar of M&A decisions."
Fighting Cyber Crime Requires Professionals, Talent Which is in Short SupplyOne of the greatest hindrances to mitigating cyber crime is the lack of qualified and skilled professionals trained in cyber security. Despite being one of the fastest-growing fields, cyber security is not attracting the talent it needs to fill the many open positions, with a report from Frost & Sullivan and (ISC)2 predicting that job postings in cyber security will reach 1.5 million by 2020. This is alarming considering that “cybercriminals are becoming increasingly more organized and aggressive, while the teams defending against these attacks are struggling to fill their ranks,” according to the Harvard Business Review. As the millennial generation comes of age and boomers retire over the next decade, it is the millennials who will be looked at to fill these critical roles. Yet so far, the figures are not positive. A Global Information Security Workforce Study by (ISC)2 revealed that only seven percent of cyber security professionals surveyed were under age 29, and 13 percent were between ages 30 and 34. The average age of cyber professionals is 42. Not only is the field failing to attract the millennials it needs, but there is a severe gender gap as well, with females constituting only 11 percent of the world’s information security workforce. In short, the cyber security field needs more talent – millennials and women included. In summary, there are three primary factors contributing to today’s cyber security talent shortage:
- Lack of awareness of cyber security as a career path
- Preconceived notions around the skills and qualities needed to work in information security
- Advanced educational requirements (specifically a desire for applicants to have computer security degrees)
It Pays to Work in Cyber SecurityThanks in part to the extreme drought in cyber security professionals, salaries in cyber security are high. According to CNBC, the average annual salary for a cyber security professional with a Bachelor’s degree is $116,000. For more advanced positions that typically require a Master’s degree, the salaries almost double. The private, public and governmental sectors are all investing heavily in attracting and retaining cyber security talent. As evidence, SoftBank Corp recently invested $100 million in cyber security start-up Cybereason, and New York City Mayor Bill de Blasio just announced a plan to introduce 100,000 new jobs over the next 10 years with a strong emphasis on cyber security. Similarly, a 2016 Corporate IT Security Risks report by Kaspersky Lab found that:
- Of the 4,000 businesses surveyed, roughly half said they were finding it hard to fill openings.
- Nearly 70 percent of the companies said they planned to hire full-time cybersecurity professionals in the coming years.
- Nearly half (48 percent) of businesses admit there is a talent shortage and a growing demand for more professionals.
- Overall, 68.5 percent of companies expect an increase in the number of full-time security experts, with 18 percent expecting a significant increase in headcount.