UK companies open to hiring hackers for cyber attack prevention

Research from KPMG suggests companies are willing to take drastic action to prevent cyber attacks

Over half of UK businesses would consider hiring an ex-hacker to bolster their protection against cyber threats.

That's according to a survey by KPMG, which polled 300 IT and HR professionals at organisations with 500 or more employees about the role staffing plays in preventing cyber attacks.

Out of those surveyed, nearly three quarters (74 per cent) said new and emerging cyber threats had prompted them to recruit new staff to fill security skills gaps within their organisations.

However, 57 per cent admitted to experiencing difficulties when retaining staff with specialised security skills, particularly in the past two years.

Drilling down into the skills areas in highest demand, 70 per cent flagged shortfalls within their workforce of people with data protection and privacy expertise skills, while the same percentage also expressed concerns about their company’s ability to assess incoming threats.

In response to these skills gaps, 53 per cent of companies said they would consider hiring a hacker to get the inside line on the potential threats affecting their business.

Serena Gonsalves-Fersch, head of KPMG’s Cyber Security Academy, said the fact companies claim to be open to hiring former hackers is eye-opening.

“[Companies] wouldn’t hire pickpockets to be security guards, so the fact that companies are considering former hackers as recruits clearly shows how desperate they are to stay ahead of the game,” she said.

“Rather than relying on hackers to share their secrets, or throwing money at off-the-shelf programmes that quickly become out of date, UK companies need to take stock of their cyber defence capabilities and act on the gaps that are specific to their own security needs.”

She also emphasised the importance of hiring people who are confident at communicating security issues to others.

“It is important to have the technical expertise, but it is just as important to translate that into the business environment in a language the senior management can understand and respond to,” she concluded.