Enterprise firms rushing to recruit CISOs to avoid becoming the next eBay


Fortune 500 companies are desperate to recruit or promote security professionals to board and C-level positions, following a wave of high-profile data breaches uncovered this year.

Reuters reported numerous Fortune 500 firms including JPMorgan, Chase & Co, PepsiCo, Cardinal Health, Deere & Co and The United Services Automobile Association (USAA) are  seeking chief information security officers (CISOs) to help bolster their defences against cyber attacks.

The firms are reportedly increasing the CISOs’ salary range by as much as 100 percent over the industry standard, offering candidates between $500,000 and $700,000 per year.

The move is a reaction to the high number of data breaches reported over the past few months. Earlier this month, online auction house eBay admitted hackers had managed to compromise its systems during a cyber raid in February.

EBay’s late reaction to the breach and the subsequent user backlash it suffered served to highlight just how important cyber security is for any firm handling sensitive customer data.

It is currently not known how much financial damage the breach has caused eBay, though estimates from PwC and the UK Department for Business, Innovation and Skills (BIS) suggest attacks are costing firms as much as £1.15m per breach.

EY head of cyber security for financial services Steve Holt told V3 he welcomed the fact that enterprises are looking to appoint cyber security specialists to very senior positions. However, he added that companies will have to adopt more wide-reaching cyber strategies if they hope to avoid becoming the next eBay.

“While this is a move in the right direction, it would be foolish to think that having a board position in itself will be enough to stop all future breaches. Progress in reducing an organisation’s exposure to the cyber threat will need the support of the board and the whole organisation,” he said.

“In the longer term, an organisation will benefit by having the right skills at the board and non-executive director level to understand and challenge the investments being made to address cyber risk.

“It will be interesting to see how board-level representation will drive change programmes to build up defences and prevent, detect and recover from similar incidents in the future.”

The firms’ recruitment drive comes during a reported global cyber skills shortage. Adam Kramer, a cyber expert at the NCA, argued businesses and government departments need to adapt their cyber recruitment policies to consider more diverse candidates if they hope to recruit skilled cyber professionals during an interview with V3 earlier in May.

30 May 2014 | 4:26 pm – Source: v3.co.uk

Leave a Reply

Your email address will not be published.