UK Stifles Cyber Security: Hackers Get Green Light To Attack
The UK government has given hackers the green light by making it difficult more difficult for UK organizations to use independent cyber security specialists. In an already difficult to recruit market with an acute cyber skills shortage in well qualified and experienced cyber security professionals. Legislation made mandatory to private sector recruitment on the 6th April is having far ranging consequences.
This has led to many cyber security roles typically done by independent contractors either not being filled or taking longer to fill, as finding suitable experienced candidates has become much more difficult.
Job boards are showing roles readvertised over and over again, which prior to the mandating of the legislation to the private sector were being filled quickly. The private sector is feeling the same consequences the public sector felt when it too fell in scope in April 2017.
Where many cyber security and other professionals jumped ship and left in droves, leading to an acute skills shortage. Lessons learnt from how the public sector dealt with the mandating of the new requirements have been ignored and as a consequence, similar cyber security skill shortages are being experienced.
Hackers and other malicious parties, know all too well, many UK organizations are struggling to hire cyber security talent, and this could potentially increase opportunities for them to attack these organizations.
Blanket bans on independents
Many private sector UK organizations like the leading banks have introduced blanket bans on hiring independents like cyber security professionals unless they change the way they operate and conform to new ‘pseudo employee’ ways of working without any employee benefits.
These blanket banning UK organizations are being driven by the fear generated by their own Finance, Human Resources and Risk departments to introduce blanket bans. As they perceive it makes more financial sense to do this than individually determine the status of each independent cyber security professional they deal with.
With many independents also being forced to pay employer social taxes that these organizations like banks themselves should be paying. These social taxes are as much as 14% which employers should pay but with the enforced structures these blanket banning organizations are forcing independent cyber security professionals to use. There is no way to get around independents having to pay these employer deductions.
This had led to a number of people to band together to pursue legal action against the mandated corporate structures known as umbrella companies to reclaim unlawfully deducted taxes (Umbrella Reclaim operated by law firm McFaddens).
Cyber Security roles remaining unfilled for longer
Cyber security roles done by independents are taking longer to fill, ending up being open for months, as independents simply elect not to pursue these roles. These are highly specialized roles offering independent advice, consultancy, technical skills which can’t be filled quickly by using existing employees due to a skills gap.
Hiring permanent employees is not an option either to fill these roles, as these roles are temporary in nature and it would be difficult to get rid of a permanent employee once the work had been completed without breaking strict employment laws.