Insights
How can we solve the cyber security skills crisis? by Taylor Roth, Marketing Communications Executive It’s no secret that there’s a huge shortfall of talent in the cyber security industry. The number of people entering the industry is not at all proportionate to the volume of threats that continue to target users across the globe. According to a report released by the UK government’s Department for Digital, Culture, Media & Sport in March of this year, in order to keep up with demand, the UK should be attracting over 17,000 new people annually to cyber security jobs. Unfortunately, the current figure only stands at 7,500. As threats grow and evolve, so too does the technology developed to combat them. Since, technology is constantly changing to keep up with the pace and sophistication of cyber criminals’ tactics, an individual’s previous education, certification, and training may not align to current threat trends. However, it takes time for security professionals to develop knowledge of the latest tech and gain new, specialised skills. With this understanding, it’s not surprising to learn that 50% of all businesses in the UK have a basic cyber security skills gap. This means these businesses don’t have the internal skills necessary to carry out the tasks outlined in Cyber Essentials.
What are the consequences of this gap? Without a steady stream of new people entering cyber roles, organisations will struggle to achieve cyber security maturity. Currently, 45% of all businesses have just one employee tasked with managing all their cyber security. In addition, nearly 9 in 10 of all staff carrying out cyber functions in the private sector have taken them on from an existing, non-cyber related role. Without a robust team of experienced security professionals, UK businesses will be targets for cyber criminals and struggle to keep up with 16
the digital world, resulting a loss of money, sensitive data, and their brand’s reputation. In fact, 71% of employers already believe that the talent gap has caused direct, measurable damage to their business and growth plans. The shortage has also made it harder for smaller organisations to compete. In a review of the skills shortage across the EU, it was found that larger, wealthier organisations snatched up much of the talent in the market leaving “smaller companies and non-profit organisations struggling to attract the knowledge and skills that would allow them to run their business safely.” In our current digital landscape, we can’t allow smaller business to fall behind simply because there aren’t enough security experts available to for them to hire.
So, what can we do to close it? There are multiple approaches that address the problem from different angles including exposure, education, training, and recruiting. All these perspectives are important for driving more people to the industry, ensuring they have the right skills for the job, and sustaining a pool of qualified cyber security professionals in the future.
1. Exposure Getting kids interested and excited about cyber security is the first step to cultivating a pool of future talent. A number of organisations in the UK run programmes to attract young people to cyber security activities. One such organisation, Cyber Security Challenge UK, was founded in 2010 and aims to find and nurture cyber security talent by running events, competitions, and games across the country. SECON CYBER
