New research reveals 87% of UK CIOs and high-level IT professionals are struggling to find the right cybersecurity experts to fill internal vacancies for their companies in order to combat growing cyber risk.
The study by digital resilience company RedSeal, and as reported by Netimperative, reveals that the UK may have a major weak point when it comes to fighting cybercrime and protecting against cyber-attacks. Netimperative cites another study which estimates that cybercrime cost UK businesses alone £2.3 million per minute in 2018.
Made worse by Brexit uncertainty
The skills gap is exacerbated by Brexit uncertainty as 73% of participants in the study state that Brexit is a major concern when they are considering hiring cybersecurity professionals from outside of the UK. 95% expect that Brexit will widen the skills gap further as there are many IT security professionals already working in the UK, from other countries. This could be due to the lack of advanced cybersecurity education available in the UK.
More action is needed
Netimperative writes that little has been done since Parliament’s Joint Committee on the National Security Strategy published its “Cyber Security Skills and the UK’s Critical National Infrastructure” report in July 2018. The report said that:
“Although the UK has one of the most vibrant digital economies in the world, there is not currently the cyber security skills base to match, with both the Government and private sector affected by the shortage in skills.”
The report’s authors raised concerns over the UK government’s lack of urgency in addressing the cybersecurity skills gap in relation to Critical National Infrastructure. And this is without attention to the affect of the skills gap in wider industry.
– Watch our free taster sketch “Phishing Emails in Real life” from our hilarious Sketches security awareness training series
The UK’s cybersecurity sector is potentially the largest in Europe with a value of over $5 billion but the shortage of cybersecurity talent is without question.
As per James Lyne writing for TechRadar, the UK government has launched an Initial Cyber Security Skills strategy with £2.5 million in funding for a UK Cyber Security Council which will have the role of developing a skilled workforce for the future.
This August, the government appointed the Institute of Engineering and Technology (IET) to lead the council. And, three years ago a government-backed Cyber Discovery Programme was launched for 13 to 18-year olds and 50,000 students have taken part to encourage more young people to enter careers in cybersecurity.
But, by 2021, as per Lyne and Cybersecurity Ventures there will be 3.5 million unfilled cybersecurity vacancies globally. Help Net Security and ISC (2) put the global cybersecurity skills gap higher, at over 4 million vacancies now. It says that in the UK the shortage of cybersecurity professionals is nearly 300,000.
City A.M and Cisco UK’s chief technologist, Chintan Patel, notes that it has recently been reported that there has actually been a drop of 40,000 in the number of pupils sitting GCSEs in computing or ICT.
There is an immediate and outstanding cybersecurity skills gap. But also, a lack of comprehensive cybersecurity and even ICT and programming education in schools and further education in order to nurture the cybersecurity workforce of the next decade
The government announced in September it would conduct an assessment of the UK’s cybersecurity workforce. Ipsos MORI will survey private and public sector organisations as well as charities and focus on issues of both employment and training of cybersecurity professionals.
Ipsos MORI published the results of last year’s survey in April this year as per the release of findings from the National Cyber Security Centre (NSCS) and the Department for Digital, Culture, Media and Sport. This previous survey focused on individual awareness of, and attitudes towards cybersecurity.
There are other government led initiatives to meet the cybersecurity skills gap too, like the Cyber Skills Immediate Impact Fund. And, cybersecurity has, and rightly so, appeared on recent General Election 2019 party manifestos.
It is clear there is much to be done to halt a growing shortage of cybersecurity professionals both in industry and by governments.
Every business of every size, however, can take action today to prevent a cybersecurity skills shortage from enabling cyber-attacks, cybercrime, and data breaches. Cybersecurity and security awareness training can and should happen in the workplace and it is not just applicable to IT departments.
A cyberattack and subsequent system breach can occur anywhere within an operation. Fostering a corporate wide culture and awareness of cybersecurity with every employee in every department is crucial in the fight against cybercrime. It will also help to mitigate the risks posed by a global cybersecurity skill shortage and raise awareness of the sector to perhaps inspire future career paths.
Want to help secure your organisation? Sign up for a free demo and find out how we’re already helping organisations just like yours.