When KPMG asked Canadian CEOs to cite their perceived threats to growth in our 2018 Canadian CEO Outlook, it was little surprise to see cyber security risk jump back up to the top the list of threats to growth this year—up from the ninth spot in 2017. Not only are today's organizations bombarded with news of data breaches and system hacks, but only slightly above half of the same respondents felt prepared to handle a cyber-attack if (and mostly likely when) one were to occur.
Certainly, concerns for data privacy and security have intensified among virtually all industries in recent years. I say "virtually" because it's a different story for companies in the technology sector where the ability to provide data privacy and security are central to their value proposition and, as such, a core focus from the moment of inception. In short, it is simply part of their DNA.
It's no wonder that the tech sector has become something of a steward in cyber security. However, that leadership position hinges on talent who can stay up to speed with evolving cyber risks, manage incidents effectively, design disaster recovery plans and embed best practices within their organization. And as anyone in the tech industry can attest, finding and attracting that kind of talent can be a challenge in and of itself.
Data privacy and security are table stakes in the tech industry. They always have been, and always will be. After all, a data breach in a retail chain might mean significant losses, but a failure within a tech company's platform – one which facilitates payments between banks, for example – would be an end to their business because that is their business.
It's for this reason that many in the tech sector already maintain a robust in-house cyber defense program, and why cyber risk continues to dominate boardroom agendas and receive full attention from all leaders. It's also the reason why the industry is constantly pursuing talent who can not only maintain this level of preparedness, but position the organization to handle anything that comes.
That's easier said than done for an industry that's in a perpetual fight for talent. Today, many tech specialists are being acquired en masse by major players or aligning themselves with professional service firms that are helping their own clients build core competencies around cyber security. This has created a high demand for tech talent and, as a result, a severe shortage in the marketplace.
Over half of respondents in KPMG's 2018 Canadian CEO Outlook believe cyber security specialists are key to future growth. Yet for tech and non-tech companies alike, the odds of acquiring highly-skilled people who can bridge internal cyber security gaps appear slim.
That said, there are several factors in play that are replenishing this high-demand talent pool, as well as steps both tech and non-tech organizations can take to attract specialized talent to their ranks.
For one, Canada is becoming more of a draw for specialized talent. Geopolitical shifts and industry challenges in the U.S. and EU, for example, are redirecting talent to our borders, while new opportunities and promises of the "Canadian way of life" are also pulling talent from markets across the world. In many ways, what's happening now can be likened to a "reverse brain drain" where Canada is becoming the destination for tech talent, rather than the place they came from, especially as the country's main tech hubs in Vancouver, Toronto-Waterloo and Montreal continue to evolve into world-leading innovation hubs of the future.
Several immigration policies have also eased the talent crunch. BC's PNP (Provincial Nominee Program) Tech Pilot project and Canada's two-week Visa processing initiative (via the Global Talent Stream) have proven successful in accelerating talent mobility. More importantly, they are indicative of the government's desire to attract international talent and get them into the companies that need them most.
These initiatives and trends are no doubt helpful. Nevertheless, the onus is on organizations themselves to attract and retain the talent that will help them build internal core competencies around cyber security and reach their ideal posture. That applies to tech players who need more talent to shore up their defenses and non-tech organizations who are still in the process of making cyber security a priority.
There are other options as well. In lieu of adding to one's workforce, organization can benefit from partnering with third-party experts who can bring those core competencies to the table. This is an effective strategy for organizations that do not wish to expand their team but still benefit from the knowledge and practices that a professional services firm or boutique provider can deliver.
Ultimately, the tech sector has an edge in cyber security for the simple fact that it is the foundation upon which many ply their trade. That edge is attainable in any organization, however; especially within those that make cyber security an enterprise-wide focus and align themselves with the talent and partners that can put them ahead of future threats.
Canadian CEOs were asked which specialists they required for future growth. Their top three responses were emerging technology specialists (64%), scenario- and risk-modeling specialists (62%), and cyber security specialists (60%).