Security-focused partners stand to capitalise following increased demand for tech talent in New Zealand, as organisations continue to throw money at Chief Information Security Officers (CISOs).
With tech salaries increasing six per cent across the country in 2016 - as talent pools seemingly dry up - the need for security specialists has resulted in the average annual income for CISOs reaching $164,000.
“Demand for tech professionals is growing at an extraordinary pace as new technologies rapidly bring new jobs and new levels of innovation to New Zealand businesses,” Potentia managing director, Nathan Bryant-Taukiri, said.
“Competition to attract skilled workers is fierce, with firms often willing to pay a premium to fill positions.”
Furthermore, salaries for experienced security professionals have also skyrocketed over the last 12 months, particularly in the wake of a number of high profile attacks – such as the Panama Papers – which has exposed the risk to organisations of not sufficiently protecting sensitive information.
But despite organisations willing to pay a premium, the continued tech skills shortage in New Zealand creates new opportunities for specialised security experts, those capable of acting as third party providers to organisations struggling to attract talent.
With CISO roles now the second highest paying job in the local technology sector - only behind Delivery Services Managers at $178,590 - managed security service providers in particular stand to benefit from increased outsourcing responsibility.
Coupled with Consulting Services Managers ranking as the third highest paid role in New Zealand at $158,280 per year, partners can blend security expertise with consulting capabilities, tapping into a pool of cash previously reserved for in-house talent.
Cyber spending lagging
Despite the craving for CISOs however, compared to the rest of the world, Kiwi businesses are still lagging in the amount of spending they are directing towards cyber security.
While Kiwi businesses are going digital, many are struggling to cope with the consequences a digital business model from a cyber security risk profile standpoint.
As a result, organisations are struggling to develop comprehensive security strategies.
“Leaders are struggling to fully grasp the breadth of cyber risks their organisations face and the value of the data they are gathering, let alone translating awareness into action,” PwC New Zealand Partner and Cyber Practice Leader, Adrian van Hest, said.
“Companies that are making this transition to a digital operating model have to make cyber security central to their transformation efforts.”
Yet while organisations require outside guidance, the uptake of managed security services, for example, is still almost half that of Australia (44 per cent compared to 78 per cent), according to PwC New Zealand findings.
But partners can take solace from global trends, with IDC research reporting that the largest category of investment will be security-related services in the year ahead, which accounted for nearly 45 per cent of all security spending worldwide in 2016.
Delving deeper, the largest segment, managed security services, generated revenues of $US13 billion.
Security software was the second largest category in 2016, with endpoint security, identity and access management, and security and vulnerability management software driving more than 75 per cent of the category's revenues.
Finally, security hardware revenues reached $US14 billion in 2016, led by purchases of unified threat management systems, alongside one of the fastest growing segments of the security products market, user behaviour analytics software, increasing 12.2 per cent.
Given that the pace and threat of security attacks is increasing every year, organisations are gradually understanding the need to develop and execute on a new generation of security measures.
Within the channel, managed security services was the largest segment of spending among the industries making the biggest security investments during the past 12 months.
Blurring the lines of a cyber security strategy
The rise of digital businesses, mass adoption of cloud technology and the increasingly complex network of relationships with customers, employees and supply chain partners have all blurred the lines of traditional cyber security.
As a result, New Zealand companies are struggling to respond to the added complexity, thus creating pockets of opportunity for the channel to make sense of industry hype and noise.
Currently, only 29 per cent of local firms evaluate the security of third-parties, despite suppliers and business partners being the fastest-growing source for cyber attacks.
Likewise, employees were the single largest source of cyber security breaches, yet organisations are still focusing on external threats.
“Rather than trying to ring-fence their organisation, companies now have to develop a proactive security approach across their entire digital presence,” van Hest added.
“That means holding suppliers accountable for breaches, addressing the risk from employees and treating customer data privacy as a competitive advantage.
“Every organisation’s cyber security approach has to begin with understanding their risk profile. Only then can they develop a strategy to protect their assets, detect when they experience a breach and then respond and recover effectively."