The following article by Invest Lithuania’s Senior Investment Advisor Monika Vilkelytė first appeared in the Outsourcing&More magazine. You can find the original here.
Assigning cyber security operations to GBS centres is a smart move for international companies. But finding the right location for such a centre can be a serious headache. Suitable locations need to have both fast, secure IT infrastructure and a strong pool (and future pipeline) of IT talent. Affordable locations offering this combination are few and far between. That’s why Lithuania, which is ranked 4th globally in the Cyber Security Index, is proving so attractive to global company groups in terms of cyber security operations. The likes of Oracle, Nasdaq and Outokumpu already have cyber security teams in Lithuania, while Moody’s is on the way to building its cyber security capabilities in Vilnius. With a strong pipeline of talent and a clearly defined National Cyber Security Strategy, there’s plenty of room for future growth.
The number of cyber attacks made against organizations around the world is increasing every year. Worse still, the complexity and severity of these attacks is also growing, as criminals search for ever-more sophisticated ways to break through a company’s cyber defences. With huge amounts of both company and customer data in their systems, and processes that are more deeply interconnected than ever, a major cyber attack could have catastrophic consequences.
To face this ever-changing threat, companies need to be innovative and responsive, constantly updating their cyber defences to meet the latest dangers. And increasingly, global companies are using the GBS model as the most effective way to manage their Cyber Security operations. By centralizing their cyber security team in one location, it becomes easier to adopt new innovative solutions. These teams are also more effective at focusing the limited time and resources a company has on mission-critical cyber services.
Finding the right model for managing cyber security (a GBS approach) is an important first step, but executing this model well is just as important. And one of the critical decisions a company has to make is where to locate the GBS centre that manages their cyber security.
Two features characterise the ideal location for a cyber security team. The location needs to have fast, well-developed and robust IT infrastructure. It also needs a wealth of IT talent from which to build a team of experts capable of responding to the latest threats.
Finding this combination is already a tall order, without even factoring in cost. This is not an area of operations where you want to cut corners, so low cost locations that don’t offer the quality needed are out of the question. On the other hand, building a team of high quality IT experts is prohibitively expensive in many cities and countries.
Lithuania offers the IT infrastructure and talent businesses need for cyber security, and at competitive costs compared to other EU locations.
Ranked 4th in the Global Cyber Security index, Lithuania’s IT infrastructure is well suited to cyber security operations. It is robust, with a strong focus at the executive level on cyber readiness and resilience. In 2017 Lithuania established a National Cyber Security Centre, and the following year a National Cyber Security Strategy was approved. This strategy covers not only the government, but also a wide range of non-governmental organizations, private sector players, and scientific and educational institutions. This means the whole ecosystem is building resilience, as shown by the introduction of advanced warning systems at critical infrastructure facilities last year.
In terms of talent, there are currently 38,000 IT professionals in Lithuania, with a further 10,600 students enrolled in IT studies. Funding for IT studies was recently doubled, ensuring further growth in the flow of IT talent. The government has also invested in an upskilling project focused on key areas including cyber security and AI, with the aim of adding new specialists to the market. Universities in Lithuania’s two largest cities, Vilnius and Kaunas, offer dedicated programmes for cyber security specialists, including MScs in Information and Information Technology Security, a BSc programme in Information Systems and Cyber Security and an MSc in Cybersecurity Management.
This means the level of quality, in terms of both talent and infrastructure, is comparable to other leading EU destinations. But, unlike those locations, Lithuania is a far more cost-competitive option.
Junior IT staff such as database administrators of Unix / Linux administrators can be hired to a around €2,000 per month, including taxes. The average salary for a senior QA specialist with 5 years’ experience is €2,700 tax inclusive, while a Senior cyber security specialist with 5 years experience earns €3,360. This means assembling a skilled cyber security team which includes highly experienced professionals is affordable and sustainable in Lithuania.
What’s more, Lithuania has the 3rd most affordable internet rates in Europe, and office rental costs are also highly competitive. As a result, overheads for GBS centres are also low in comparison with other EU locations.
These strong fundamentals have attracted some of the world’s largest companies to set up cyber security teams in Lithuania. Moody’s established a GBS centre in Vilnius in early 2019 which is planned to include an advanced cyber security unit. In fact, the availability of talent in this area was one of the major reasons Moody’s chose Lithuania, as Duncan Neilson, SVP HR Regional Lead EMEA explained when the centre was announced:“Given our goals of hiring diverse talent and further developing our automation and cyber security capabilities, choosing Lithuania as our newest EU location makes good business sense.”
Nasdaq also operates an IT centre in Vilnius. This centre has been developing constantly since its establishment in 2015 – it grew from 30 to 300 FTEs in 3 years – and includes a cyber security team. On a visit to Lithuania, Nasdaq’s CEO and president Adena Friedman noted the strength of the IT talent available. “This place has a great talent pool,” she commented. “At first we thought Lithuania was a centre of low cost, but today Vilnius is a centre of professionalism for us. This city is going to be an ever more important player for us.”
Overall, almost 10% of the GBS centres in Lithuania perform cyber security functions. This includes GBS centres of companies such as Danske Bank, DXC Technology, Outokumpu, Devbridge Group, TransUnion and many more. And the number is growing all the time.
Lithuanian cyber security teams are adept at product development as well. Oracle runs an office of 50 specialists in Kaunas who develop a range of products, including web application firewalls, and advanced API, DDoS, and cloud-based malware protection. According to Leon Kuperman, Vice President of the company’s software development division Oracle Dyn, the Kaunas team will be further expanded: “We are planning significant growth in the region, so we may need to move to a bigger office.”
TransUnion has a special team of Lithuanian cyber security specialists who continuously monitor the online security of more than 1,200 company employees and the information systems of TransUnion’s corporate customers worldwide. “The platform monitoring teams who are working on cyber security are the only TransUnion UK teams that operate 24/7, ensuring the uninterrupted and stable operation of all systems,” says Jonas Lukošius, Manager of TransUnion’s Kaunas office.
There are a number of other cyber security development teams operating in the Kaunas-Vilnius hub. NRD Cyber Security focuses on offering protection for public service providers, law enforcement, critical infrastructure and more, while US-based Arxan offers guarding solutions injected directly into its clients’ binary code. “We currently have offices in the US, the UK, and Japan,” says Andrew Whaley, Arxan’s SVP Head of Engineering. “In the near future, Vilnius has the potential to become our largest software development office.” Then there is CUJO AI, a Lithuanian tech company that develops AI-based online security solutions.
This developed ecosystem, combined with the range of cyber security training opportunities offered by local universities, means there is plenty of know-how and experience on offer in Lithuania. Existing players are actively involved in training up new talent – Moody’s cooperates with ISM business school, Oracle offers its own multi-level training programme, and Danske Bank offers flexible arrangements to students so they can begin working while they complete their studies.
Therefore, as the sector matures, an even deeper pool of expertise in cyber security will be available to companies looking to establish GBS centres in Lithuania.
The original article can be found here.
Invest Lithuania is here to keep you informed about the latest news, opportunities, and developments shaping Lithuania’s business landscape. If you have any questions or would like more details, feel free to contact us—we’re here to provide the insights you need.