11.07.2024

Finding and Retaining IT Security Experts: eco Association Offers 5 Tips

The threat situation for corporate IT is growing, according to 96% of the decision-makers surveyed in the eco IT Security Survey 2024. Protecting sensitive data and defending against cyberattacks requires highly qualified experts. Here are 5 tips from eco Association on how companies can find and retain suitable experts to address these issues.

In an increasingly digitalised world, IT security is becoming a growing challenge for companies of all sizes. According to the latest eco IT Security Survey, one in five companies (20%) experienced at least one IT security incident last year, sometimes with significant damage. Suitable professionals are needed to ensure the necessary cyber resilience in one’s own company, but many companies are finding it increasingly difficult to recruit and retain them.

An applicant market has long emerged in which highly qualified personnel can choose from a variety of offers. The shortage of skilled labours no longer only affects the technical level; the situation is also becoming more acute in other areas of the company such as accounting, human resources and marketing. Companies must therefore adapt their HR strategy to this development. The eco – Association of the Internet Industry provides 5 tips on how HR managers can adapt to the changed situation:

1. Adapt the recruitment process
Recruitment processes should be critically evaluated in order to attract new employees. A simple and fast application process with lots of feedback benefits both sides. Open conversations at eye level help both sides to get to know each other better. A trial day can be arranged in advance with promising candidates to get to know the future work environment, colleagues and corporate culture. Hackathons and other IT competitions offer an excellent opportunity to identify talented IT security experts and inspire them to join the company. These events allow companies to see potential employees in action and introduce them to the company culture. Close cooperation with universities and technical colleges can facilitate access to young talent. Companies can establish early contacts and win over talented students through guest lectures, internships, and joint research projects.

2. Create attractive working conditions
Flexible working hours and the option to work from home are attractive benefits for many IT security experts. This allows you to also expand your recruiting radius beyond your own region. Companies should offer flexible working models to attract professionals and increase their satisfaction. Competitive remuneration is essential to attract and retain talented professionals. In addition, attractive benefits such as bonuses, healthcare, pension provision and other benefits can make a difference. Explore new avenues beyond traditional job postings. Satisfied employees are good advertising for the company and can be rewarded with special incentives for recruiting new employees. Especially for specialised topics, (internal) active sourcing should also be used,

3. Increase employee loyalty
Offer regular opportunities for professional and social exchange, considering the individual time preferences of employees. Develop a corporate culture together with the employees and live it. Position yourself as family-friendly and women-friendly – especially women are still significantly underrepresented in IT security. Take the individual needs of employees into account. A rigid framework in terms of working hours and salary no longer makes sense everywhere. Instead, individual bonus programmes can be developed with employees that take into account the respective phases of their lives. If this is done transparently, a debate about envy can also be prevented. Offer opportunities for further training and different career paths. It doesn’t always have to be a climb to the top; models for technical experts also increase the length of time employees stay with the company. When returning to the office, check how much flexibility is possible for employees. It is important to question why employees should return to the office in the first place, what goals are to be achieved (better communication within the team, more control) and how these can be achieved.

4. Promote training – attract young talent
When recruiting new skilled workers, the promotion of young talent must not be ignored, even if this is more of a medium-term solution. However, a concerted effort must be made in the constantly growing Internet industry. Many professions in the IT sector, for example, are still too little known. The foundations for this are already being laid in the school environment. Cooperation with schools, visits to school fairs, the involvement of teachers and participation in Girls & Boys Day are just some of the possibilities. In the university environment, there has been enormous growth since the emergence of the first IT security-related degree programmes around 20 years ago, although this has since stagnated. The number of degrees is also declining at some universities. Early collaboration with students through internships, final theses, working students, etc. ensures contact with potential new employees. When training new specialists, the requirements of the Internet industry and the diverse job profiles should be taken into account. Highly qualified specialists are not needed everywhere, but also generalists with a broad range of knowledge, e.g. in the field of data protection and information security. When addressing students in particular, social media such as Instagram and TikTok should be taken into account in order to create brand awareness.

5. Use AI – make work more efficient
Artificial intelligence and automation are building blocks in the fight against the shortage of skilled workers. Output can be increased without the need for more staff. The unconscious fear that AI will lead to job losses should be seen as a solution rather than a problem in light of the shortage of skilled workers. Skilled workers can thus be deployed in positions where the human component is necessary or, together with AI, achieve better results.

Conclusion: Through a combination of attractive employer branding, continuous training, flexible working models and an appreciative corporate culture, companies can ensure that they attract and retain the best talent for their IT security needs.

Finding and Retaining IT Security Experts: eco Association Provides 5 Tips