A survey of thousands of members of ISACA, an international InfoSec organization, found that there is a shortage of data security professionals despite a growing need for them. A report by Domain-b has the details:
- 86 percent thought there was a shortage of data security professionals.
- 46 percent felt their organization was likely to face a cyber attack in the coming year.
- 38 percent felt their organization was prepared to fend off an attack.
While this it's bad news that so many companies are ill-prepared for a cyber attack, it's good news for you. This lack of qualified IT personnel will increase the demand for your services.
It’s hard to know exactly what you're worth, but this survey suggests that data security consultants might be able to charge more because of the lack of qualified consultants. The survey also suggests that it could be a smart investment to seek out InfoSec training.
Let's take a look at what you'll need to know to make the most of this industry shortage.
IT Consultant Sales Tips: A Shortage in Data Security Is Your Opportunity
With a shortage of qualified data security contractors, now is the time to market these skills to potential clients. If you've been looking to get outside InfoSec training and certification, you should get on it. These skills are only going to become more marketable in the next few years.
Of course, there are some things to keep in mind as you look to grow your data security consulting business:
- Clients might not understand their risks come from inside their organization as well as outside. Antivirus software and a sturdy firewall won’t cut it any more. Clients who haven't invested in data security are probably unaware that they may need to change their company's procedures, limit cloud access, and adopt other data management policies that will prevent employee mistakes. Client education will be an important part of any InfoSec security plan. (See our Client Education Packet – a free resource you can use to teach clients basic data security.)
- Big news stories create confusion. All of the high profile data breaches in the news are a mixed blessing for IT consultants. These data breaches give you clear examples you can use with your clients to teach them the risks of having inadequate security. Feel free to use these stories in your marketing materials and client discussions, but be prepared to run into a lot of questions.
- Expanding your business capabilities means new risk. When you're hired as an InfoSec consultant, you'll face significantly more scrutiny. If anything goes wrong with your client's data security, you could be sued for damages related to the cyber attack. Be prepared to beef up your IT insurance and have a data breach plan in place.
What To Do about Your Additional Risk as a Data Security Contractor
Whenever you expand your business's offerings, hire new employees, or increase your revenue, you should do a risk audit to see if you need to increase your insurance or adapt your risk management strategies to cover new risks.
If your business is offering data security services, you'll probably need IT Errors and Omissions Insurance (if you don't already have it). This insurance – also called Professional Liability Insurance – pays for lawsuits when clients sue over problems with their IT. Because data breaches are so expensive, clients often sue their IT contractor for damages related to the breach, making this insurance essential.