Cyber Skills Gap In UK Businesses

According to a report compiled by the Department for Digital, Culture, Media and Sports (DCMS), the number of UK businesses with basic cyber security skills has dropped in 12 months.

The report was based on information analysed from the labour market databases, interviews with training providers and quantitative surveys with UK businesses, and revealed the figure dropped from 54% in 2018, to 48% in 2019.

It has been revealed that organisations still have people who haven’t been shown how to complete the basic cyber security tasks such as setting up firewalls, storing data and removing malware. Worryingly, all of these are tasks that are set out in the Governments Cyber Essentials accreditation scheme, the minimum cyber security standard all organisations are encouraged to adopt.

More startling statistics were revealed in the DCMS report, with 27% of organisations understaffed when it came to incident response. Whilst 30% lacked more advanced cyber skills which include penetration testing, forensics and security architecture.

The skills shortage isn’t just about training the current staff you have. But filling the gaps in the potential roles is also proving tricky.

64% of organisations admitted they suffered problems regarding the gaps in their employee’s cyber security skills, and a quarter revealed this had seriously impacted their business goals.

There seems to be a huge demand in cyber security skills roles, with people needed to complete:

  • Threat assessment or information risk management
  • Assurance
  • Audits
  • Compliance or testing
  • Cyber security research
  • Implementing secure systems
  • Governance management

As with these shortages, 35% the companies who were spoken to as part of the report, revealed that they had difficulty filling vacancies. This was due to applicants lacking technical skills or knowledge (43%) or relevant soft skills (22%).

The report also covered the diversity in the cyber security sector. 15% is said to be female, whilst only 16% of roles are filled by those from ethnic minorities. 9% of the workforce were classed as neurodivergent.

As a result of this the government has put out a call asking for a greater investment in cyber security technical skills and training. This includes targeted children in schools by providing courses that can be used in schools and specialised in at university. Training providers should also offer courses helping the wider workforce.

The report stated:

“Many employers could benefit from broadening their recruitment practices, to employ more career starters, apprentices, graduates, people transitioning from other sectors or roles outside cyber security, and those from diverse groups.”

With the current climate the way it is, as the world slowly begins to recover from the effects of the Coronavirus, I think it’s safe to say that things will worsen before they improve.

What are your thoughts on the cyber security skills gap? Is it impacting your organisation?