Yes, contracting out your cyber security may seem an effective way to reduce fixed staff costs. But can you afford the longer term implications of doing so?
The 2017 Ponemon Cost of Data Breach Study clearly iterates that "the faster [a] breach can be identified and contained, the lower the costs."
The report also states that "programs that preserve customer trust and loyalty in advance of the breach will help reduce the number of lost business/customers."
In fact, the survey showed that the average number of days taken to identify a data breach in 2016 was 201 days, which fell to 191 days in the first half of 2017. Ponemon attributes this decline to improved security technologies.
However, it would not be a stretch to attribute some of the improvement to more organisations having their own cyber security systems and staff which can respond more efficiently and quickly to any data breaches.
Given that the 2017 Ponemon report states that the average cost of a data breach for a company was $2.51 million - or, in per capita terms, $139 for every Australia - an investment in an in-house cyber security team for medium to larger businesses simply makes sense.
Looking for industry leaders
Australia needs to look beyond any quick fix band-aid solutions such as last year's call from the Australian Centre for Cyber Security for the development of a national security corps of volunteers to help secure the government, businesses and individuals from cyber-attack.
The focus instead should be on investment in the education sector for long-term talent cultivation.
And while teaching theoretical application is essential, so too is the need to provide hands-on experience in the sector. Nothing beats experience.
A great example of this can be found in Israel, where they set the foundation for long-term success in the cyber security field for governments, military and businesses.
Earlier this year Israel announced it would establish a National Centre for Cyber Education to train young people in the sector.
Israeli Prime Minister Benjamin Netanyahu said at the time the centre would "increase the number and raise the level of young Israelis for their future integration into the Israeli security services, industry and the academic world."
It would, he said, focus on "the development of programs and education for children, youth and graduates in the cyber sphere."
In Australia, in the short to medium term, there needs to be a substantial increase in investment in research and development and mediating the threat of offshore verses internal security operations.
While some are forecasting a peak in demand for staff in the cyber security sector later this year or next year, I am confident this 'peak' in demand will not be followed by a decline as is usually the case.
Rather, demand for top performing staff in cyber security will continue to grow exponentially in the next five years and beyond, barring the development of some unforseen security solution!
Sign up for CIO Asia eNewsletters.