Depending on your environment, you might need someone with expertise in areas ranging from malware to threat mitigation, cryptography, forensics, advanced analytics, network virtualization, cloud security, and mobile security, as well as industry-specific knowledge.
Plus, your new expert must have the soft skills needed to perform a demanding, time-sensitive, highly cooperative job: communication, management, reporting, and so on.
That’s a lot to ask of any person. Given all that, you’ll probably have better luck finding a unicorn. And if you do find an expert, it’ll cost you.
The shortage of available talent for cyber security positions has caused their salaries to skyrocket. In 2018, information security analyst salaries averaged $98,350, and the top 25% made nearly $127,000.4 Add the cost of benefits and overhead (about 43% of wages and salary in the private sector 5 ) and you’re looking at a major investment for a very specific skill set.
You’ll also need to invest in training to make sure your new security expert stays up to speed. Roughly half of organizations plan to increase cyber security training for staff in 2020.6
And after all that, the risk remains that this rare creature will be lured away by a job with even better pay and benefits. More than half of companies report that it takes three to six months, or even longer, to fill open cyber security positions.7 Furthermore, research suggests that the conservative cost of replacing an employee is 34% of their annual salary ($15,000 at the median U.S. wage of $44,564).8