The costs of IT security are increasing, argues Paul Hunt, managing director of Phoebus Software Ltd.

IT security experts and cyber forensic professionals working in the lending community and wider mortgage market are already hot property, but the UK government’s new National Security Strategy is likely to see their stock rise even further.

One of the major focuses of the government’s national security strategy white paper is the growing threat of cyber terrorism. Like many countries, the UK is potentially vulnerable to attacks from terrorist groups, foreign states, and criminals (it is particularly easy to attack us here in the West thanks to the growing importance of computer networks in daily life. By 2015, there will be more networked devices in the world than humans). The single greatest source of serious cyber threats comes from Chinese spies using advanced computer hacking to penetrate government departments and firms to steal secrets and valuable industrial technology.

Although this sounds very impressive and modern, we’re actually behind the game. Back in 2006, the US Secretary of the Air Force announced the creation of the Air Force Cyber Command, which was given the job of monitoring and defending American interests in cyberspace. The White House has even appointed a head of Cyber Security to coordinate U.S Government, military and intelligence efforts to repel hackers.

So what? Why would anyone in mortgages care about Chinese spies attacking MI6? Two reasons.

First, lenders can get caught in the cross fire if a country is subject to cyber-terrorism. In May 2007, Estonia was subjected to a mass cyber-attack in the wake of the removal of a Russian World War II war memorial from the capital, Tallinn. The attack was a distributed denial-of-service attack in which selected sites were bombarded with traffic to force them offline nearly all Estonian government ministry networks were knocked offline. Two major Estonian bank networks were knocked offline, too.

Second, and perhaps of more immediate concern to lenders is that the government’s new focus on cyber-terrorism will lead to a bidding war for top talent. The numbers of cyber forensics and IT security professionals in the UK is very limited. To combat the threat posed by attackers seeking to hijack computers to steal secrets, damage the economy, and paralyse national services, MI5, the Metropolitan Police and other state institutions will need lots of new staff.

Even if Britain’s blue-chip security services do stop the attacks from the 20 espionage networks currently operating against the UK’s interests, it’s financial services companies like lenders that will pay the price when the government pinches their best IT staff. It’s a limited pool of talent, and a large proportion of IT security experts work for banks and lenders. IT and telecommunications recruiter Greythorn has pointed out that there are only about 2,200 people qualified for top-level IT Security roles in the whole country. It’s a simple case of supply and demand.

The roles are extremely specialist and there are a lot of hoops to jump through before you reach that level. IT professionals take networking positions to gain experience, then qualifications in CCSA, CCSE, VPN solutions, Firewall, and remote access. Finally, they need to become accredited as Certified Information Systems Security Professionals. It’s a lengthy process and there are only 2,200 people with these qualifications in the UK. A significant percentage of them work in financial institutions.

They are already relatively valuable. A head of security at a bank should command a salary of approximately £100,000 a year. But remuneration packages are bound to rise in the ensuing war for cyber security talent. Expect a bidding war.