The security threat landscape is getting more complex in Hong Kong but there is a shortage of experienced and skilled professionals particularly C-suite security executives. Virtual CISO (Chief Information Security Officer) service is gaining ground to help relieve the security talent shortfall problem.
Like other countries around the world, Hong Kong has been facing more cyber security threats in recent years. Companies from any sector are being targeted by cyber attackers who are using different types of attacks such as distributed denial of service (DDoS) and ransomware.
The financial loss due to cybercrime is growing rapidly in Hong Kong. Although the number of technology crimes reported to the Hong Kong Police Force last year was higher by only 1%, the estimated total financial loss was HK$1.8 billion, an increase of 50% compared to 2014.
Talent shortfall & rising wages
Sophisticated large enterprises and heavily regulated sectors such as banking and finance are more mature in the security space with a cybersecurity framework in place. They can afford to hire full-time and experienced security professionals including CISO.
For other industries or smaller companies with limited resources, the virtual CISO is a new service to meet their security needs at just a fraction of the cost of a full-time CISO.
“There are not enough CISOs to satisfy every single company in Hong Kong, so that’s where the virtual CISO comes in. The virtual CISO plugs the gap of security professionals’ shortage,” said Barnaby Grosvenor, group head of cyber security solutions at JOS in an interview with Computerworld Hong Kong.
The lack of skilled security talents has led to the rising wages of those talents including CISO, which makes it harder for SMEs, manufacturing or other sectors to pay for a full-time CISO.
“Even though they don't need or can’t afford a full time talent, they still need someone to understand their security profiles or security postures. They need someone to come in, have a look and tell them what they need to do to either satisfy regulatory requirements or offer better security,” he added.
Aside from the banking and finance sector, more and more regulatory requirements are being applied across vertical industries, whether it’s the data protection act, privacy act or general good business practices.
Bridging skills gap
Seeing the growing demand for security professionals, JOS recently introduced a virtual CISO service initially in Hong Kong, Malaysia and Singapore. Two retail companies in Hong Kong have already subscribed to the service.