The future of cybersecurity in Hong Kong

Cybersecurity has been an increasingly hot area of discussion, with the emergence and proliferation of big data, cloud computing, and data analytics. As more and more information is being collected, ensuring the security of such data is crucial to both businesses and consumers.

Recently, Hays Hong Kong joined other panellists at the Cyber Security Summit 2016, which attracted over 500 top level professionals from the IT, banking, and financial services industries, where we discussed some of the latest trends in the world of cybersecurity.

Demand vs. supply
With the surge in hiring of cybersecurity professionals in Hong Kong, companies are finding it increasingly difficult to secure the right talent due to shortages within the local talent pool. The aftermath of the dotcom bubble resulted in less professionals venturing into IT, and companies are now increasingly turning to overseas IT security talent from India or the Philippines to fulfil their hiring needs. This has consequently driven up the cost per hire in Hong Kong, and while the right candidates are securing excellent remuneration, it has further added to the challenges companies are facing.

Quality of talent
Launched by the HKMA in May 2016, the Cybersecurity Fortification Initiative seeks to address the shortage of talent and improve cybersecurity within banks in Hong Kong. This three-pronged approach includes a common risk-based assessment framework, a training and certification programme for cybersecurity professionals, and a sharing platform amongst banks on cyber threat intelligence.

This is a step forward in establishing a clear assessment structure in Hong Kong, where companies have previously relied on CISA and CISSP as a reference to a potential employee's experience and expertise. By engaging the education sector, the HKMA aims to upskill existing and potential cybersecurity talent with the best knowledge, practice, and qualifications, while attracting more local talent to the profession. However, solely educating cybersecurity professionals may not be sufficient.

Integration with the wider business
Cybersecurity is a global issue and one that touches all organisations and functions, and there needs to be an organisational understanding of cybersecurity issues and their impacts on the business. Constant education of stakeholders is necessary in ensuring that such IT-led security initiatives are integrated well into the business. We expect to see companies seeking not just solid IT skills in cybersecurity professionals, but also the ability to speak the business language and bridge the gap between technology and commercial stakeholders.

Moving forward
In the short term, employers may consider outsourcing, or hiring cybersecurity specialists with niche skill sets, while continuing to seek cybersecurity talent with diverse expertise and knowledge. As the new Cybersecurity Fortification Initiative matures, we expect to see increasingly structured training for existing cybersecurity professionals, a common benchmark of expertise within the industry, and a larger local talent pool off the back of academic developments within cybersecurity.