U.S. government agencies would need to increase the annual salaries of information security personnel by approximately $7,000 to equal the annual salaries of their private sector counterparts, a recent survey of 2,620 U.S. Department of Defense, federal civilian and federal contractor employees found.
The survey [PDF], sponsored by (ISC)2, Booz Allen Hamilton and Alta Associates, also found that 87 percent of respondents said hiring and retaining qualified information security professionals is key to securing an organization’s infrastructure.
“It’s crystal clear that the government must enhance its benefits offering to attract future hires and retain existing personnel given its fierce competition with the private sector for skilled workers and the unprecedented demand; unfortunately, the layers of complexity involved in fulfilling that goal are significant,” (ISC)2 managing director Dan Waddell said in a statement.
According to respondents, the most effective initiatives for attracting and retaining cyber security professionals include offering more training programs (62 percent), paying for professional cyber security certifications (62 percent), improving compensation packages (57 percent), and providing more flexible work schedules (56 percent).
Notably, 70 percent of respondents said their organization offers a program that encourages diverse hiring in information security, compared to 55 percent in the private sector.
“In today’s environment where cyber talent is scarce, organizations must recruit and train untapped talent pools, focusing on women, minorities, veterans and older workers,” Booz Allen Hamilton senior executive advisor Ron Sanders said.
“And while it can be difficult for government agencies to compete on salary alone when vying for these cyber warriors, they can appeal to a recruit’s sense of mission and purpose, tout the cutting-edge work being done and highlight opportunities for advancement,” Sanders added
Security Challenges
Separately, the federal government edition of the 2017 Thales Data Report, based on a survey of over 1,100 senior executives conducted by 451 Research, found that 34 percent of federal respondents experienced a data breach in the past year, and 65 percent have experienced a data breach in the past.
And while 61 percent of federal respondents are increasing security spending this year, fully 98 percent said they remain vulnerable to a breach — and 47 percent said they’re very or extremely vulnerable.
While 92 percent of federal respondents plan to use sensitive data in an advanced technology environment (cloud, big data, IoT, and containers) this year, 71 percent believe this will occur without proper security in place.
Fifty-three percent of federal respondents cited a lack of budget and a lack of staff as the top reasons for data insecurity.
“The U.S. federal government is racing to boost data security against odds not generally faced in the private sector today,” 451 Research principal analyst Garrett Bekker said in a statement. “A major challenge in securing the far-flung systems in the U.S. federal government is the plethora of aging legacy systems still in place, with one example being a 53-year-old Strategic Automated Command and Control System at the Department of Defense that coordinates U.S. nuclear forces and uses 8-inch floppy disks.”
“In short, this ‘perfect storm’ of very old systems, tight budgets and being a prime cybercrime target has created a stressful environment,” Bekker added.
Trust in Government
An?Accenture survey of almost 3,500 U.S. citizens found that 74 percent of respondents lack confidence in government’s ability to keep their data private and secure, and 63 percent said increased data security measures would increase their satisfaction with government agencies.
Still, respondents who interact with the government daily or several times a day were more than twice as likely to express confidence in the government’s ability to protect their data as those who don’t — and millennials were more than twice as likely as senior citizens to express confidence in the government’s data protection abilities.
“While government agencies face many cyber security challenges, the research found strong citizen support for government organizations to take steps to increase data security and protect citizen information,” Accenture public service strategy lead Peter Hutchinson said in a statement.
“Government agencies that take a comprehensive end-to-end security approach by integrating cyber security deep into their organizations will not only secure their data, but also win the trust and confidence of the citizens they serve,” Hutchinson added.