Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs) are often given the mission of leading the convergence of physical and digital security for their organisations.  How are those in these roles coping with the challenge?

Presented as rivals by some, cohabitors by others, and a cost-saving exercise by the Chief Financial Officer (CFO), convergence of physical and digital security is not for the weak-willed. It is not a one-size-fits-all solution, and many in both disciplines have been unprepared for this union.

The Chief Security Officer (CSO) of today is a strategic thinker, tech-savvy in their business leadership, and an effective risk manager who can navigate evolving threats and organisational dynamics.

The Chief Information Security Officer (CISO) retains the same qualities whilst being the accountable person for securing the organisation’s data and technology infrastructure from cyber threats, now also managing AI integration and intrusion.

Both started their journeys without a career plan to the top, but such roles have developed to became pivotal as emerging risks are omnipresent.

A regulated landscape

The regulatory landscape provides both the CFO and CISO with the opportunity to meet an organisation’s responsibilities in the UK and, if you trade with the EU, the compliance frameworks provided by GDPR and the EU AI Act. The Network and Information Security Directive 2 (NIS2), the EU-wide legislation on cybersecurity, provides legal responsibilities for entities to enhance the overall level of cybersecurity and standardise cyber resilience in the EU.

The National Cyber Security Centre (NCSC) promotes Cyber Essentials, the UK Government-backed certification scheme aimed at mainly small or medium-sized businesses to keep data safe. The NCSC reported that in the past 12 months, there were 7.7 million cyber attacks in the UK.

The NCSC has launched CISP, a free platform for cybersecurity professionals to collaborate on cyber threat information in a secure and confidential environment. In the UK, we rely on the 1990 Computer Misuse Act to prosecute hackers and online fraudsters. The forthcoming Cyber Security and Resilience Bill, laid out in 2024, will seek to address the agility of recent attacks on the NHS, education sector, retailers and leading corporations.

What is the effect?

How are CISOs coping with increasing legal scrutiny and regulatory cyber oversight? Not well. According to recent research from the Information Systems Security Association (ISSA), over half of those surveyed claim that their job is stressful most of the time due to overwhelming workload, working with uninterested business managers, and keeping up with the security requirements of new business initiatives. A third say it is very likely or likely that they will leave their current job within 12 months. Nearly half have considered leaving cybersecurity altogether. Most claim they are frustrated because their organisation does not take cybersecurity seriously.

How is the CSO coping with increased regulation, reductions in physical budgets, and consistency of threats balanced against the boardroom’s increasing risk appetite to deliver greater shareholder and executive wealth? In general, they are frustrated with unnecessary budget withholding until a crisis response is required, such as the assassination of a corporate executive. All operate in an increasingly interconnected, matrixed, technology-driven, and polycrisis global environment.

The ISSA research indicates that due to the age demographics of CISOs, there is a higher incidence of retirement, while others will move on to become better-paid portfolio CISOs or take field CISO positions with security technology vendors.

Within Europe, tech costs for cyber and early AI adoption have created revenues of £39 billion, predicted by Statista to reach nearly £100 billion in 2030. The average global cost of a cyber attack is £4 million per incident for corporate recovery, client restitution, and cybersecurity upgrades. Over half of consumers say they distrust a company after a cyber breach.

Future leadership and remuneration

competition for qualified candidates is fierce. There is not a significant population of next-gen CISO candidates with the right C-suite experience to step up. This is where the CSO, who generally has a longer tenure in post, understands regulatory risk, adapts when needed to make strategic decisions, and delivers board presentations, is qualified to take forward cybersecurity.

This is leading to pay inflation for both the CISO and CSO role and those in their reporting lines to the Chief Information Officer / Chief Technical Officer. In smaller organisations, there is an increasing trend of cyber-focused CISO/ CSO reporting to the CEO, as this critical function takes the brunt of hostile attacks, both from state actors and organised crime.

Pay has a multitude of factors, such as being greenfield, replacing an incumbent after years, responding to a loss, shareholder pressure, start-up, break-ups, dynamics of the sector, shape, and international reach. The top pay quartile in the UK for a CISO ranges from £215,000 to £330,000, and CSO is similarly matched. Both would be awarded long-term incentives, which should double their remuneration in a 5–8-year range.  Sector bonuses are usually up to 50% of pay.

Additional factors

Agentic AI refers to a type of artificial intelligence system that can act autonomously, think like a chatbot on steroids, make decisions, and pursue goals with limited human supervision. These systems exhibit agency, meaning they can understand context, interpret instructions, set goals, reason through tasks, and adapt their actions based on changing conditions. Essentially, they aim to operate more like a human employee, performing tasks and making decisions with a degree of independence.

The World Economic Forum forecasts a gain of 78 million jobs by 2030 through AI activities; in Europe the private security sector will add 500,000 roles. Security leaders will evolve with a duality of experience that will be required to protect their organisations.

Human expertise, collaboration, board- room trust and continuous adaptation to evolving threats will remain essential components of effective security strategies.

Peter French MBE CPP

CEO SSR® Personnel

www.ssr-personnel.com

The post How has the convergence of cyber and physical security progressed? appeared first on City Security Magazine.

Never has it been more important for executive boards to have access to a trusted security leader as they wrestle with challenging global dynamics and risks. The SSR® Personnel & Executive Profiles 2024 annual salary survey explores the context, challenges and priorities for today’s security leaders.

Read a summary of the results of the SSR® Personnel & Executive Profiles 2024 annual salary survey

The context for security leaders

Multiple crises such as natural disasters, the current geopolitical landscape, cyber and physical attacks are heightening the risk temperature in all organisations. Furthermore, there are challenges of sustainability, shareholder trust, client- centric behaviours, and executive committees seeking greater profitability with increased risks. All of this within an increasing regulatory framework that is becoming more aggressive to corporations.

Executive boards are embracing analytics, using them within their boardroom dashboard settings, integrating AI and allowing security leaders to set agendas in line with the corporate vision. Security leaders must nurture a culture of resilience and adaptability, ensuring that all levels of the organisation are equipped to handle the unpredictability and complexity. This proactive and comprehensive approach not only protects but contributes to long-term sustainability and success.

Impact on salary and role

The progressive security management team of today will have seen an above – average salary increase of up to 25% over two years. This was due initially to the pandemic bounce, where they stepped up to the emergency. Their inbox has continued growing, with more issues than before the financial crash of 2008.  From the end of 2023 until today, cost constraint has seen many organisations apply recruitment freezes, instead hiring in flexible contracted specialist skills.  With financial certainty returning, employment will increase in the second half of 2024. Security is well placed to continue its expansion through technology interchange.

Priorities for security leaders

The top priorities remain consistent:

• Cyber security concerns are increasing in both business and private lives.
• Attracting talent at all levels is a challenge.
• Communicating effectively across generations with differing values. For example, Gen Z are unsure that the workplace reflects their values, many with managers (most probably Gen X) not sharing their views on areas such as sabbaticals, buying more personal holiday time and not answering company communications in non-work hours.
• Adopting a leadership style of coordinating rather than empowering.

Sharing the message

In this digital world, some security functions have adapted their messaging into a gaming style, with points and status for champions. They develop interactive tabletop exercises with real incidents and write their playbook with security very much part of the crisis team. Investing time in training local leaders who can make informed decisions quickly under pressure, with a deep understanding of cultural and regional nuances, puts the organisation into a ready status, and cuts down decision- making trees with an established rulebook.

Increasing efficiency through AI applications

AI is enabling security professionals to perform tasks at a faster pace, with greater accuracy,  streamline processes and provide businesses with valuable insights to drive growth. Algorithms can help tailor security to regions and business units, effectively gaining a competitive edge in the market by staying ahead of industry risks.

There are risks of unconscious bias in algorithms as the systems are only as good as the data they are trained on, and if this data is biased, it will lead to discriminatory outcomes and reinforce existing inequalities. This could be within predictive tools developed internally for a business, such as for recruitment. The complexity of AI algorithms can make it difficult for businesses to understand how decisions are being made, raising questions around accountability and ethics.

Sustainability and the ESG agenda

Security leaders are grappling with ethical and humanitarian considerations, including issues related to human rights, civilian protection, and the use of force. They are incorporating ethical frameworks and principles into their decision-making processes to ensure that responses to crises are not only effective but also morally justifiable.

Chief Security Officers have Sustainability added to their job titles so the organisation knows where they can go to for a raft of issues: resilience, recovery, business continuity and more. Progressive incumbents have centred around the ESG agenda. There is pushback against the wokery of some ESG stakeholders and subsequently the needle has been dialled down. However, organisations have retained transparency in their operations and continue with better environmental credentials since this is important to employees and investors alike.

Today’s security leader

Security leaders can help boards proactively manage and mitigate risks, rather than just react to incidents after they occur, saving the organisation time, money, and reputational damage. They should be well-versed in compliance and regulatory requirements related to data security, privacy, and other security concerns. Boards should be able to rely on this expertise to help the organisation meet its legal obligations.

Peter French, MBE CPP

CEO

SSR® Personnel

www.ssr-personnel.com

The post UK Security Salary Survey 2024: what are the challenges for today’s leaders? appeared first on City Security Magazine.

The annual survey 2023 of security professionals in the UK highlights increasing appreciation and value their role which is much greater than pre-pandemic levels of trust and employer satisfaction against a background of corporate cost control.

Dealing with skills that are in short supply

Across all UK industries – creatives, hospitality, manufacturing, financial services and more – over a million vacancies are advertised every month, down by 30% from mid-2022, but still a significant number, against a backdrop of low unemployment. In answer to a question in this year’s survey to security leaders, ‘What is the significance of hiring talent?, the majority of responses placed this as a top 10  corporate priority and the eight in ten respondents had increased budgets to upskill existing personnel.

When benchmarking against other European countries with lower unemployment rates than the UK, upskilling and investing of employees is a top 5 priority for many. This is in tandem with a change in spending, decreasing guarding costs, whilst increasing physical security protection budgets. Respondents confirmed a direct correlation with vendor performance, and post-pandemic realisation that security management can be delivered in less labour-intensive ways.

Significant growth in analyst employment delivering geopolitical predictions, corporate ESG performance and competitor analysis are just some of the areas where security departments are adding vigilance to the corporation. Some of this is possible through big data machine learning and AI predictive learning. There are also greater third-party resources that can formulate styles and prediction parameters, accessing paid and publicly accessible databases.

Recently, we were in a presentation where a UK university has mapped the CO2 footprint of every power station, cement manufacturing plant and steel plant in the world. They even have the transportation miles recorded, so for ESG measurement you could relatively accurately predict your supply chain’s environmental footprint from raw materials to finished product.

Environmental, Societal and Governance

Security professionals have a substantial role to play in the ESG agenda – if they wish to. Most CSOs have a solid line into the components that are measured. Sustainability of the corporation, supply chain, business resilience, performance monitor through loss prevention, health, and safety. Societal around our direct actions in manufacturing, third parties’ use of our product and, therefore, our brand, or if you are a social media platform, the risk of a disgruntled user who arrives at the reception desk with a handgun as you have ruined their life. Risk in our operations, moving and protecting our assets including staff on a family holiday in Sudan, as a corporation we want to protect our people.

Environmentally many security leaders will have an oversight of functions that have controls that can assist the corporation in gathering real-time information, including building occupation, internal monitoring for small groups of workers that need non-core hours access, who could be assisted around a building through hologram assistance.

Recognising the work of the security professional

For many, changing your job has not been the priority for three years, due to the pandemic. Job security has been most people’s major concern. Employees have changed their behaviours, getting on with the job to hand: agile with reduced resources, ensuring that their job function has delivered for the business. Increasingly this has been recognised in the Board room. This year respondents reported that their remuneration has increased through job performance review and had outpaced the usually broader-based annual increase. We recorded increases of around 15% against a national prediction salary increase of 6.5% annually.

Security management job longevity has reduced from 14 years at a senior level to around seven years, multiple factors are at play such as Mergers & Acquisitions, smaller corporate footprint, role development and changing skills. We also have a rush of tech-savvy managers, who will use AI tools to secure more investment aligned with corporate values and readily move to companies that better support innovation.

Cyber security growth 

There are an estimated 50,000 UK cyber security roles vacant against a National Cyber Security Centre prediction that 700,000 cyber roles need to be created in the UK. Tech entrepreneur Hermann Hauser recently emphasised at the NCSC CYBERUK conference the importance of collaboration. In a wide-ranging discussion, he said Britain has a tradition and history of leading cyber security. “If you look at all the nations in the world that have a working innovation system, it is all based on the interaction of universities, the government, and the finance community. It’s a team sport, if technology startups are a team sport, you’ve got to have all these players working together”.

Hermann further predicted that technology companies and startups will help grow the UK economy: growth from innovative breakthroughs that come out of universities or big research  to labs. The ecosystems that now exist are the bases that allow you to build these companies much faster now than ever before. “We’ve just had the most spectacular example of that in Chat GPT, which went from zero to one million users in a week or so.”

Artificial intelligence

Recent news and the number of tech entrepreneurs citing the dangers of AI, and the resignation of senior Google scientist Geoffrey Hinton, known as the “godfather of AI”, highlight how the world is unprepared for nefarious use of AI. After two years, Members of the European Parliament (MEPs) have bridged their differences and reached a provisional political deal on the world’s first Artificial Intelligence rulebook. Given the impact of GDPR, and sizable fines levied and continuing to be applied, this will be a concern to most corporations, and there are dangers through the wider application of AI technology that will keep security professionals busy.

To view the detailed results relating to the survey, see page 28 in the digital version of City Security magazine

Peter French MBE

CEO

SSR Personnel & Executive Profiles

www.ssr-personnel.com

The post Annual survey 2023 of security professionals appeared first on City Security Magazine.

A review of the changes to the security sector over the past ten years, today’s realities and predictions for the next decade – revealing the multi-faceted challenges faced by those in the security workforce.

When asked by City Security magazine ten years ago what the role of front-line security officers would be in the future, – our comment was “they will be the people with the screwdriver”. Whilst not entirely the situation now, our concept was based on decreasing budgets for people services, increased technology deployment and higher pay demands from workers in non-technical roles.

Today’s challenges

The reality today is we have a decreasing pool of people attracted to private sector security, many that are recruited are not interested in day/night shift working, and private security suffers from a poor reputation for the entry role of the security officer. Follow ‘Violence Against Security’ or ‘Working the Doors’ on Twitter or Instagram, and you’ll witness how they capture the acts of violence that security workers are subjected to in day-to-day activities, including grievous assault and being run over by criminals.

Over the last three years, technology providers of security systems have rolled out enhanced solutions driven by clients, who have been actively recruiting an engineering interface between the supplier and themselves. Remuneration for in-house roles has added 25% to basic engineer salaries, with benefits not matched in the industry. There are few open vacancies in security technology at just one in fifteen.

UK employment statistics from the Office of National Statistics show record lows in unemployment with nearly 30 million people in work. From a population of 67 million, two million of working age are unable to do so due to long-term illness.

Furthermore, millions of people have withdrawn from work due to early retirement or are not reliant on an earned income. This has led to one million vacancies currently. More than 50,000 of these are cyber protection roles.

In 2012, Director Yasmeen Stratton implored those at a Chief Security Officer level to upskill their teams to gear up for the emergence of cyber criminals, to invest in protecting their corporations, staff and customers.

Many in the security executive did not rise to the occasion, leaving an opportunity for a cyber land grab from IT, supported by the executive board, as they had little idea as to what their security executive could deliver. Ten years later we see global corporations investing in holistic security solutions to combat online fraudsters, and inept and deceitful employees.

During the pandemic, many physical security managers and executives came to the fore, flexing resources, developing strategies – though not always fully supported by senior management (due, in the main, to their non-interest) – but we now have a group of committed security risk managers who proved to be excellent in planning and execution.

The next decade

Unplanned events, people-driven or caused by climate change, will increase in their severity over the next ten years. Single-theme activism catches the board’s attention as they worry about reputational damage but there should be more concern about how staff are affected, some will have empathy with the protesters.

Proactive corporate security departments mitigate such threats, with geopolitical appraisal, know-your-customer analysis and adherence to global standards. This approach should be part of the  organisation’s post-sale oversight process for the goods and services they sell.

There have been countless cases of third-party suppliers allowing systems at the heart of an organisation to be compromised and this remains a major threat. However, we are now seeing organisations recruit and invest in greater digital gatekeeper protection.

KuppingerCole research indicates that the passwordless authentication market is growing rapidly and will reach over 6 billion USD by 2025.

The cybersecurity workforce has reached an all-time high, with nearly five million professionals employed, but there’s still a global shortage of over three million workers in this field, according to the 2022 (ISC)2 Cybersecurity Workforce Study.

In October, the US Attorney’s office found against Joe Sullivan, former UBER CSO, that he hid details of a 2016 hack that stole more than 57 million people’s information to protect Uber’s reputation and his own. He eventually informed then-CEO Travis Kalanick of the breach and paid the hackers US$100,000 in bitcoin.

One of the themes during the trial was how concerned organisations should be if they have not war-gamed the big challenges. Often this is because their security management do not have the creditability to deliver this to the Executive Board.

The next big thing in the security management portfolio is the imperative for it to become a stakeholder in the Environment, Social and Governance (ESG) agenda. This is a multi-faceted initiative often with traction for both shareholder activists and Generations Y&Z both as consumers and work colleagues.

The danger here is our B2B customers not sharing our corporate values, and our concerns with the organisation’s impact on the planet on society, and about how the organisation is governed. Is the organisation able to be transparent about all its dealings?

Within ESG, there is much that fits the progressive security department, but are they up for challenging the norms? Can they deliver the intelligence and advice the corporation requires not to fall on the ESG sword?

Peter J French MBE

Chief Executive, SSR® Personnel

www.ssr-personnel.com

For more articles on how to develop your career in security, see our Security Careers Category.

For more articles from Peter French

The post Has the security profession stepped up to the challenge? appeared first on City Security Magazine.

The annual security sector salary survey for 2022 – 2023 highlights opportunities for those in the sector as the UK outpaced other developed economies, with a return to pre-pandemic employment levels and near record levels of vacancies advertised against the background of the “Great Resignation”.

Wage inflation and its effect

With the near trebling of inflation in the past 12 months, pay demands are building. In highly unionised private sector workplaces, such as BT, there are pay demands of 10% and a strike ballots planned.

There is a 40% increase in the number of companies going into bankruptcy, reported by the Insolvency Service. Begbies Traynor’s Red Flag Alert paints a particularly worrying picture for UK businesses, with increasing numbers falling victim to pressures which have been building while government intervention has masked problems in the economy for two years. 500,000 business are in financial stress and in danger of defaulting on repaying Covid loans.

Companies most affected are in the support services sector. In the SSR survey, 24% respondents reported no increase in their basic salaries, compared with 38% in 2021. Those rewarded with bonuses and share schemes reported an increase in value averaging around 5.5%. Those changing roles, or who have been revalued through personal performance, averaged over 10%.

Risks and Skills demands

Respondents rated the risks to their organisation in this order:

1. Cyber Security
2. Organisational Governance
3. Data Privacy
4. Culture
5. Talent Management

This mostly mirrors CEO surveys, except those have talent attraction or retention typically at around third on their list of risks. 74% of respondents reported that they had self-funded post-graduate education. This is driven in part by the mistaken assertion that that there is parity of need between the hirer and those for hire. When organisations are reporting a shortage of skills, they need to contribute to their existing employees’ development.

A fundamental change has occurred in recent times. Work-cycle longevity is now at its longest ever and, therefore, has the greatest number of generations at work at the same time. The pandemic has removed over one million self-employed and part-time workers from the UK workforce. The Pertemps monthly CBI Labour market reports recently reported there were 1.3m vacancies advertised monthly, many of them are in the support and creative industries.

After five years of technology growth spurred by two years of pandemic, some businesses are relying on recruitment practices that are outdated: go to market, offer more money, and recruit. Worryingly, employee attrition has increased for companies. Immigration visa requirements bring newsworthy reporting of the lack of labour in low-paying trades, but the skills deficiency is at its most critical in areas such as security engineers, which suffer from an ageing work force, advancing technology, and lack of appeal for joining the work force.

Meanwhile, UCAS reports an unprecedented growth in students opting to take on STEM subjects. This includes a 400% increase in acceptances for students wishing to go on to study artificial intelligence courses at university.

The UK is fast attracting jobs in crypto currency firms due to the UK successful tech sector, but the UK has over 150,000 vacancies.

Equality, Diversity & Inclusion

Unfortunately for UK security PLC, we are not attracting women into the profession in high enough numbers. Women make up 21% of the work force employed in the digital economy and representation is lower in the cyber and physical worlds.

As firms accept a hybrid new world, candidates report they are spurred to look for a new role because they are not allowed to work from home. This disproportionately affects women who typically are the primary carers for children and elderly dependents.

Women in the UK feel more stressed today than they did a year ago, and nearly half say it is the reason they will likely leave their job in the next two years, according to the latest Deloitte ‘Women@Work’ report. Nearly half of women polled felt burned out, and described their mental health as either ‘poor’ or ‘very poor’.

But of course, representation is not just about the number of women, it’s a much wider issue than that. Diversity encompasses all aspects of the human experience, from age and culture to skills and life experience.

Attraction and retention

SSR survey respondents are reporting an increasing lack of empathy culture in their senior management as the reason for leaving

Under half of all organisations cite pay and bonuses as the key for staff attraction and retention, whereas over 50% of applicants say that culture and benefits are a significant reason for joining a company.

An investment from as little as £25 per employer can provide a host of benefits, including access to wellness consultants, private health, gym membership, family discount vouchers, and will reduce staff churn. The return is worth the investment.

Peter French MBE

CEO

SSR® Personnel  & Executive Profiles

www.ssr-personnel.com

For detailed results from the survey, please see our online edition.

Read more articles from SSR Personnel

The post Security sector salary survey 2022 – 2023: professionals are in high demand appeared first on City Security Magazine.

What will 2022 bring for those in the security sector looking to move roles, develop skills, achieve a pay rise or promotion or recruit others?

Vacancies pre-and post-Pandemic

Prior to November 2019, open vacancies in the security technical installation services were around 5% with most of the shortfall taken up by contracted or labour hire services available across the UK. The number of non-UK passport holders employed in the security sector workforces, both permanent and contractors, was anecdotally up to 20% of some companies’ workforce.

During the pandemic, the non-technical service sector grew through the extra requirements met by workers double shifting between their normal day work and additional requirements. With the hospitality sector closed, there was an abundance of front-of- house labour, outwardly motivated, good communication skills and easily trained. Home working increased the need for cyber teams, with more than 50,000 vacancies currently.

The impact of Brexit

Despite the myth that skills shortages are due to Brexit, when we worked with our European workforce to secure those that could apply for settled status by 1st July 2021 across all our areas of technical specialisation, we did not experience many European citizens returning home if they could qualify for UK settlement, as they were invested in the UK through family or employment status.  The ONS reported 1.3m Europeans returned to countries of origin and at least 5.5m Europeans remained in the UK.

Security sector – skills required

The Government’s stated aim of making the UK a high-wage, high-output economy sits well with the needs of the security sector, where technical skills are required.

Some parts of the UK economy have reallocated time, reduced customer interaction and increased lead times for projects, but for the security sector this is not possible. Front-of-house services are under duress through staff shortages caused through self-isolation and a reluctance by some to be vaccinated. Many clients would consider only deploying double-jabbed employees, but are afraid to implement if their non-vaccinated workforce is 15%, which would cause widespread service failure.

Providers of door supervisors speak of a labour shortage. This is mainly due to those who were previously employed in a part-time job – by nature of the requirements of the job, and with many not protected by their employers through the furlough scheme – having by necessity found other employment which they are reluctant to leave.

Vacancies

Our latest monthly CBI salary will show that over 1 million vacancies were created in the UK in Q4. ONS data figures show continued signs of recovery in the labour market, with employment increasing.  Pay-As-You-Earn data shows that the number of payrolled employees increased above the pre-pandemic level. This is partly flattered by changes in employment status from self-employed to employee status, possibly due to IR 35 rule changes.

The number of unemployed people stands at 1.4 million; however, the true extent of labour market slack remains uncertain. With more than 1 million employees returning from furlough this still points to a risk that labour shortages could prove persistent, which, along with wider supply chain disruption, risks impeding the economic recovery.

Increasing your outreach for staff

A post-pandemic outcome is that few workers are seeking to move on from employers that have looked after them, offering hybrid working practices that were never previously envisaged. Prior to January 2020, our surveys showed that 45% of the working population were actively considering changing employment; this has dramatically reduced. Hiring the right skills has become increasingly challenging.

Talent attraction is yesterday’s statement – today it’s all about Talent Discovery, where recruitment agility is essential to identify niche groups to promote your opportunities. Examples include groups for ethnic minorities, gender-based, Gen Z tech, networks for specific age generations and platforms for LGBTQ. The real takeaway is that this form of attraction route brings balance to diversity in the workforce. Companies will have to facilitate training for roles that are difficult to recruit to establish go-to talent pools.

Incorporating Diversity and Inclusion values within this widens the net further and makes a strong statement that the organisation is taking POSITIVE ACTION (NOT positive discrimination) to address the imbalance. For the first time, we are managing a cross- generational workforce as many choose to remain in the workforce post-retirement age. You may be attracting Millennials who are ‘tech savvy’ but the leap in tech innovations means your Gen Zs who are ‘tech native’ are probably the most adept, with the skills many seek to attract.

Women are under-represented in most sectors but hybrid working will enable greater participation for working mothers, allowing companies to upskill a growing and perhaps more erudite worker group, who traditionally are less likely to apply for a job unless they meet close to 100% of the criteria.

Wage inflation

At midway 2021 we predicted increases of up to 5% for skilled labour, defining that skill being the most relevant criterion. In security technology, an explosion in skills demands from installers and their clients, who have decided that they want and can mentor skills development better in house, has pushed the difference in salaries up to 50%.

Security, risk and resilience professionals’ response has been mainly positive with third of applicants reporting to have increased their total compensation above nominal salary awards. This is a global predicament; having surveyed 45 countries in 12 months, we find there is not one region immune from skills inflation in the near future.

Peter French

Managing Director, SSR Personnel

www.ssr-personnel.com

The post Security recruitment in 2022 appeared first on City Security Magazine.

The annual security sector salary survey for 2021 highlights the impact of the pandemic on salaries and benefits plus the changing ways companies are assessed by investors and employees and other influences on the workplace, such as cyber security and GDPR. The danger for security professionals is that they are revaluated without appreciation

Changes to salaries

The average UK wage inflation will be 1.5%, with management increases of up to 3%. However, 38% of respondents reported that they had received no increase in their basic salary, in contrast to 2019 when only 2% reported no remuneration increase.

This year’s salary negotiations see a near perfect storm for many workers with three factors in play: inflation, economic growth and unemployment. Real wage erosion is limited due to low inflation, most companies are not forecasting extensive expansion and we have yet to see what happens as furlough schemes wind down.

The job hotspots are in the sectors with interactive technology platforms, which will continue until the latter stages of 2022.

Alternative markets for recruiting skills

More than 1.3m people not born in the UK left in the last 12 months and of those, 700,000 left Greater London. This will be the time for employers to invest in infrastructure and people as they wean themselves off the cheap labour that the EU has afforded the UK for generations. Companies can now look at alternative markets, and we have increasing enquiries in recruiting skills from Australia, NZ and South Africa.

Whilst at the early stages in trade negotiations, access to India’s skilled engineers will be a boost for many UK companies.

Environment, Social and Governance (ESG) rankings

Investors in western markets are using ESG rankings for companies to better inform them on the direction of a business for its employees, suppliers and other stakeholders. While not yet fully understood by the high street consumer, the pandemic has sharpened thinking towards climate change and communities where our actions could adversely affect them. Employers will need to attract that future workforce by showing how compelling their ESG offering is. This was the direction of travel of employment before the pandemic, which has now been accelerated.

Diversity, Equality and Inclusion in 2021

A greater flexibility from bosses to allow, and perhaps encourage, remote working will see an ever-increasing proportion of women in senior officials or management roles. Security sectors lack diversity: 53% of women report a delay or denial of their promotion. The World Economic Forum classifies the UK at 47th in their world rankings with female representation in management whilst we have a near equal population representation. France is 59th, Germany is 89th, Italy is 99th, Russia is 19th, the highest ranked country is Jamaica.

As we often see in news reports, discrimination is perpetrated many ways. In the WEF gender parity survey which measures how well male and female feel they are represented at work, they ranked Iceland the highest, with the UK 21st.

The Cyber Security challenge

From our polling, 71% of corporate managers stated that cyber preparedness now impacts their roles. In cyber security roles, female representation in Europe is just 8%, against a presence of over 25% in the larger digital economy. Russia is training 450,000 computer sciences engineers annually, compared with 30,000 in the UK. In the latest UK Government cyber survey there are estimated to be 50,000 cyber-related vacancies. 650,000 firms in the UK reported that they could not meet a cyber essentials standard; many reported challenges around identifying good quality courses and other accredited training for employees.

GDPR three years on

Many security professionals play a part in the governance of the GDPR. Even this year, large corporations such as Amazon, British Airways, Google, H&M and Marriott were fined. The European Data Protection Board (EDPB), which oversees GDPR, has brought 200,000 cases against companies in 31 countries. Between January 2020 and January 2021, GDPR fines from the EDPB rose by nearly 40%, totalling €158.5 million.

Data protection authorities recorded 121,165 data breach notifications (19% more than the previous 12-month period). This is a corporate risk which permeates throughout structures, with many businesses not fully coherent with their responsibilities for our data.

 Returning to the office

As a nation we reacted to the 7/7 bombings with a response to get back on the tube; workers were traumatised then. Today as you wait in a socially distanced queue for your socially distanced trip to your floor, people will have difficulty in returning to work. The imperative to return, to collegially work, to be a team player, might not be the priority for many people. Hence security will need to react differently, but now we have an added mutating risk, which we trust we have tamed.

As one Chief Security Officer recently told me, “My role as the CSO has been enhanced; my team have even more respect. We will need a holistic approach to our employee care.”

Security Salary Survey charts 2021

Peter French MBE

Managing Director, SSR Personnel

Read more articles from Peter French

Read more articles on career development in the security sector

The post Security Salary Survey 2021 appeared first on City Security Magazine.

The skill sets of those employed in the profession of security are overlayed onto traits of human interaction that appeal to other industries: honesty, fairness, straightforwardness, dependability, cooperativeness, determination, courage, caring, maturity, loyalty, self-control, and empathy. They have greater value in many other customer-facing roles and will cause a shortage of quality staff in some organisations.

From our conversations with senior leaders in client organisations, many have been impressed with the agility of their security risk professionals and with their outsourced functions, that have perhaps paused frontline activities and replaced them with activities not foreseen in the contract specification.

From our perspective that has meant managing a project to provide technicians to deliver over 10,000 system upgrades in homes and businesses during the lockdown; growth in hiring protection managers in data and information sectors across the world; recruiting digital transformation champions; finding applicants with a holistic attitude to emerging risk, or the technical director that can work on a corporation’s changing needs accelerated in urgency by a factor of 10; recruiting with vendor knowledge providers to attract new client-facing skills.

As an accelerant, the pandemic has been the catalyst for change, increasing opportunities for those in the security sector for a technology revolution over the next 24 months. Whatever aspect of corporate life you are in, be that as an employee or with a vendor, you will see greater needs and demands. Whilst COVID has highlighted people’s adaptability and personal tragedies, you need a change in mindset, from the physical to plus cyber – people are intrinsic to business.

Peter French MBE CP PSyl

Managing Director,

SSR Personnel

For further views on this topic, see related articles from our Police & Partnerships, Risk Management and Security Management categories, including:

Darren Read on security in 2021 and beyond

Mike O’Neill on the new blended approach to working

Stephen Emmins from HIKVISION on how the security function is evolving

David Mundell – 2021 the year of opportunity

Neil Moscrop, CIS Security on the new roles for security officers

The post Peter French on how the pandemic is accelerating change in security appeared first on City Security Magazine.

The global pandemic is having a big impact on the working world, with unemployment set to increase. Many with jobs are keen to continue working from home. Meanwhile, the demand for cyber security expertise remains high. Is it time to consider a move to a new role?

Impact of the pandemic on the world of work

After the furlough ends the Bank of England estimates that unemployment will increase to just over 3m people. Currently there appears to be a reluctance for people to return to their offices, with the UK (and London in particular) currently having the lowest returners to offices in Europe.

Conversations with clients predict that 60% of workers that have been home working want to stay there as they find it stimulating and productive. September is a pencilled-in return date for our clients. Many are parents with children returning to school, and who with hope that their support networks, friends and family might resume as they did before.

Cyber security trends

There were 364,000 cases of fraud reported in 2019, the highest number ever recorded by Cifas, almost 1,000 a day. Increasingly facilitated online, many targets are, perhaps, those less computer aware, as well those working from home outside the cocoon of the corporate office.

Cifas chief intelligence officer, Nick Downing, said, “The steady increase in fraudulent conduct over the last few years provides us with a stark warning that we must start taking this threat seriously. We all need to take a step back and consider how we can change our behaviours.”

Hence, whilst job opportunities will look scarce, demand in cyber for technical level operators and management remains buoyant in our ever increasingly digitised economy.

Over the last twelve months salaries have increased on average by 5% and whilst recession in 2020 might dampen overall wage inflation, this sector will grow and competition for talent will be competitive.

Cyber Security Roles

Chief Information Security Officer (CISO)

Cyber preparedness sits in an increasing convergence with physical security. Headed up by a Chief Security Officer (CSO) or Chief Information Security Officer (CISO), corporations seek to protect themselves in an increasingly hostile space. Boards require educated experience around a layered delivery.

It is a strategic role, for individuals who are able to articulate the problem with a set of solutions that are costed. There has been a to-ing and fro-ing in this space which will continue ad infinitum.

Merger and Acquisition activities can leave room for only one person in this role, with possibly the other subject matter expert subjugated in the structure.

Salary range: £115,000 to £215,000 with the average at £145,000.

Head of Cyber Security

This is the person in an organisation responsible for evaluating potential vulnerabilities, detecting underway attacks and informing management, customers and law enforcement if breaches occur. They are also responsible for ensuring the security compliance of external vendors and partners.

The Head of Cyber Security is the first responder and should be professionally certified, as insurers will want this assurance.  A good point of reference is the professional association, ISACA.

Salary range: £85,000 to £160,000 with the average at £125,500.

Lead Security Consultant

Security Consultants are advisors, guides and all-round security experts hired to develop strategies for effective security across an entire organisation. There is a good crossover from forensic investigators. In the cyber role they are expected to perform vulnerability tests, research security standards, ensure the organisation is compliant and deliver technical reports for non-technical employees. The role should report on the appropriate response to any incursion in the IT space and development of robust policies.

Salary range: £52,500 to £110,000 with the average at £80,000.

White Hats, Ethical Hackers, Hunters

For entry-level analysts with a coding capability, A level or BTEC level 3, there can be a commencing salary of up to £35,000. White Hats / Hunters can expect £60,000 p.a. and Ethical Hackers managing a team, £90,000 p.a. with twice-yearly reviews.

Salary range: £40,000 to £110,000 with the average at £75,000.

Are you match fit?

If you are considering a move to a new role, cyber or otherwise, are you ready? Now is the time to prepare yourself for whatever comes next:

• Undertake a self-analysis, understand your skills and identify possible weaknesses.
• Join webinars and upskill yourself.
• Review your public profile on social media.
• Produce a CV that is your generic self but be prepared to change your personal statement that highlights you for the role you are applying for. Share your CV with a former boss for their opinion.
• Look for free CV formats and choose the one for you.

Peter French MBE

SSR® Personnel

www.ssr-personnel.com

See further reading, see our categories on Security Careers and  Security Advice.

The post Consider a new role cyber security appeared first on City Security Magazine.

The SSR® Personnel & Executive Profiles 2020 annual security salary survey partners with ASIS International. Data is collated from more than 12,000 security professionals from across 40 business sectors including finance and insurance, manufacturing, extractives, e-commerce, FMCG and logistics.

The headlines from the survey prior to the pandemic were that average wage inflation was 3.1% with management increases at 5.1%.

Over 65% of respondents reported they were underpaid, which is up from under 50% the year before.

The employment rate had remained high and then COVID-19

Up to February 2020 a record 33m people were in employment. This was mainly driven by women in employment and self-employed workers. By June advertised jobs had dropped to 75% of pre-COVID levels, with at least 8.4m workers covered by the government’s Coronavirus Job Retention Scheme, according to the Office for National Statistics.

We are seeing a gradual return to work, but the tech giants that have prospered during this period have in general told office workers not to return to work until the new year. Twitter have said that their business-as-usual model may become remote working.

Physical security growth

The total value of world production of physical security products at factory gate prices in 2019 was $34.3bn according to a report from Research and Markets. It forecasts that global market sales will reach $56.76bn in 2024.

These figures are robust and not deflected by the current pause in economic growth, most probably will be accelerated through insecurity.

In 2019, Artificial Intelligence technology applied to video surveillance data was just being trialled, in 2020 it will become a key component in identifying COVID carriers’ behaviours when added to thermal imaging.

Significant improvements in AI video analytics software are making this possible and over the next ten years it will become a standard requirement across surveillance solutions.

There is a critical need to make full use of the massive amounts of data being generated by video surveillance cameras and AI-based solutions are the only practical answer.

Cyber Security still booming

The survey estimates that cyber security vacancies globally are approximately 3.5m and are increasing in this COVID environment as remote working will become the norm. Most offices can only operate at 50% capacity within a 1 metre distancing rule and then factoring in the capacity of 2–3 people per lift cart to get to their desks.

Computer sciences and programming degrees have not been the first choice for many graduates. This is changing as more women are attracted to cyber security. This could significantly rebalance the estimated female underrepresentation in IT of just under 20%.

The global cyber security market is booming, having grown by 30 times in the last 13 years.

The cyber security sector was valued at $161.07bn in 2019 by Mordor Intelligence and is expected to reach $363.05bn by 2025.

Increasing cyber security incidents and regulations requiring their reporting are driving the human and technology growth. The USA Center for Strategic and International Studies (CSIS) and McAfee reported that cybercrimes currently cost the world almost $600bn each year, 0.8% of global GDP. The cyber security sector requires diversity to thrive. The field is wide open for people across generations, races and gender identities.

Creativity and collaboration are as important as technical acumen, so there is no ‘stereotypical’ cyber security professional. The 2020 Tessian report stated that if women earned as much as their male counterparts, the sector cost would increase by £4.4bn just in the UK.

The pandemic, whilst slowing trade, has not slowed the growth of cyber criminality. Ransomware-wielding criminals are also growing increasingly ruthless, based on the size of their extortion demands and increasing propensity to leak data in an attempt to force victims to pay, according to BakerHostetler’s investigations into hacking breaches.

Based on more than 1,000 incidents investigated in 2018, the average ransom paid was $28,920 and the largest payment was $250,000. In 2019, the average ransom paid jumped to $302,539 while the largest single payment was $5.6m.

What of the world post COVID-19 and Brexit?

More than a billion workers around the world could suffer financial hardship as the coronavirus destroys jobs, cuts working hours and slashes pay.

One third of the global workforce is expected to feel the effects directly, according to the International Labour Organisation (ILO) – with those in the retail, manufacturing, accommodation, food and transport industries particularly hard hit.

The ILO said: “Workers in this sector who are engaged in activities deemed essential – for example food distribution – continue to work, but they face greater occupational health risks. Workers in non-essential businesses face widespread closures and sharp reductions in employment and hours.”

Essex University research centre predicts 6.5m jobs in the UK could be lost, post October, after the furlough scheme ends.

The weather might have been bearable, unlike the gales and flooding in the early part of the year, just plague, pestilence and Viking raiders needed…

So to Brexit. A common thread in the SSR® survey was that Brexit will affect respondents’ future options, with many commenting that upward travel in a security career is hard. Has the appetite for confrontation diminished on either the UK or EU negotiation sides as a recession three times as bad than that of 2009 and the worst recession in 300 years is predicted?

The money would appear to be on a no deal. We are all wounded by a virus, the Euro will be under pressure, Turkey has many millions of refugees to send to Europe and the UK.

Life is not going to be normal, we will have economic uncertainty for years, but the UK security sector will have opportunities to thrive. Unfortunately, that may be due to civil reactions to ongoing personal restrictions and intermediate localised lockdowns, as well as the new technologies that need to be deployed.

Security salary survey 2020: the results

Peter French MBE

Managing Director, SSR® Personnel

www.ssr-personnel.com

See also:

Annual Salary Survey for the Security Sector 2019

The post Security salary survey: 2019 – 2020 appeared first on City Security Magazine.