Most UK companies surveyed by KPMG said they would consider using a hacker–even one with a criminal record–to help combat cyber threats.
“The survey revealed that many companies are becoming increasingly desperate as they struggle to get the right people on board,” KPMG said in a press release.
The survey showed 53 percent of senior information technology and human resources professionals said they would consider using a hacker to bring inside information to their security teams.
Almost the same amount–52 percent–said they would consider using a hacker with a criminal background.
Almost three quarters (74 percent) said new cyber challenges require new skills, and 70 percent that their organization “lacks data protection and privacy expertise.” The skills needed to meet the challenges differ from conventional IT skills, according to 64 percent of those surveyed.
Though 60 percent said they had a strategy to deal with skills gaps, 57 percent reported more difficulty retaining staff with specialized cyber skills in the past two years and 52 percent that head-hunting in the field had grown more aggressive.
But most UK companies “wouldn’t hire pickpockets to be security guards,” said Serena Gonsalves-Fersch, head of KPMG’s Cyber Security Academy.
“Rather than relying on hackers to share their secrets, or throwing money at off-the-shelf programs that quickly become out of date, UK companies need to take stock of their cyber defense capabilities,” she added. “It is important to have technical expertise, but it is just as important to translate that into the business environment in a language that senior management can understand and respond to.”
KPMG said it surveyed 300 senior IT and HR professionals in October at organizations of 500 to 10,000 employees.