Cyber warrior shortage hits anti-hacker fightback

* Governments, companies struggle with recruitment

* Cyber attacks could cost up to $400 billion globally

* Salaries rise as cyber security demand outpaces supply

By Peter Apps and Brenda Goh

LONDON, Oct 13 (Reuters) - For the governments and corporations facing increasing computer attacks, the biggest challenge is finding the right cyber warriors to fight back.

Hostile computer activity from spies, saboteurs, competitors and criminals has spawned a growing industry of corporate defenders who can attract the best talent from government cyber units.

The U.S. military's Cyber Command is due to quadruple in size by 2015 with 4,000 new personnel while Britain announced a new Joint Cyber Reserve last month. From Brazil to Indonesia, similar forces have been set up.

But demand for specialists has far outpaced the number of those qualified to do the job, leading to a staffing crunch as talent is poached by competitors offering big salaries.

"As with anything, it really comes down to human capital and there simply isn't enough of it," says Chris Finan, White House director for cyber security from 2011-12, who is now a senior fellow at the Truman National Security Project and working for a start-up in Silicon Valley.

"They will choose where they work based on salary, lifestyle and the lack of an interfering bureaucracy and that makes it particularly hard to get them into government."

Cyber attacks can be expensive: one unidentified London-listed company incurred losses of 800 million pounds ($1.29 billion) in a cyber attack several years ago, according to the British security services.

Global losses are in the range of $80 billion to $400 billion a year, according to research by the Washington-based Center for Strategic and International Studies that was sponsored by Intel Corp's McAfee anti-virus division.

There is a whole range of attacks. Some involve simply transferring money, but more often clients' credit card details are stolen. There is also intellectual property theft or theft of commercially sensitive information for business advantage.

Victims can also suffer a "hacktivist" attack, such as a directed denial of service to bring a website down, which can cost a lot of money to fix.

Quantifying the exact damage is almost impossible, especially when secrets and money are not the only targets.

While no government has taken responsibility for the Stuxnet computer virus that destroyed centrifuges at Iran's Natanz uranium enrichment facility, it was widely reported to have been a U.S.-Israeli project.

Britain says it blocked 400,000 advanced cyber threats to the government's secure intranet last year while a virus unleashed against Saudi Arabia's energy group Aramco, likely to be the world's most valuable company, destroyed data on thousands of computers and put an image of a burning American flag onto screens.