How to stop the cyber security skills gap getting even worse
The UK is suffering from serious skills shortages – and cyber security is one of the hardest-hit industries.
Since 2014, the number of organisations reporting a problematic cyberskills shortage has more than doubled, from 23% to 51%.
According to government, in 2022, around 697,000 businesses have a basic cyber security skills gap. That means that people with responsibility for security aren’t confident carrying out key tasks within the Cyber Essentials scheme - such as setting up firewalls, correctly storing data, and dealing with malware.
We see this play out in very serious, public crises. For example, a ransomware attack on NHS systems in 2022 caused chaos with dispatching ambulances, booking out-of-hours appointments, and issuing emergency prescriptions.
But a skills shortage in cyber security is also a global issue, with an estimated shortfall of 3.5 million cyber security jobs worldwide. A well-publicised attack at Uber caused the leak of 57 million users’ data.
With so much at stake, you'd think businesses would be working around the clock to recruit, train and retain as many cyber security professionals as possible. Unfortunately, it’s not that simple:
Since Brexit, the UK has seen a record drop in EU immigration, while the number of EU citizens leaving the UK (130,000) is at a 10-year high. We clearly need more skilled workers, but facing continued uncertainty, employers are starting to move their security functions overseas.
Many employers train their staff in specific products, rather than wider security frameworks, so staff aren’t getting vital transferable skills. This means experienced cyber security professionals spend most of their time dealing with emergencies, instead of planning for the future or training staff.
Ironically, technology teams aren’t practising what they preach in terms of investing in software they need to manage processes. Frustrating, when they know only too well that tech like artificial intelligence, automation and analytics can speed up security processes and take some of the pressure off staff.
So what's the solution?
It's time to rethink education. Employers need to take control and invest – either upskilling new ones or recruiting and training new talent. Once resources are in place, training providers need to make sure their programmes are well-rounded and delivered to high standards.
Apprenticeships offer a robust solution. Most cyber security apprenticeships are high-level programmes – equivalent to a degree – and cover a range of technical skills and knowledge. Employers are very involved in the training process – they can help write the programme, mentor their apprentices, teach them in-house skills – and even use their apprenticeship levy to pay for training.
Apprenticeships are a win:win for new and existing staff looking to upskill, while giving businesses flexibility in how to build their own expertise. And there's never been a better time to hire an apprentice – with courses available in cyber risk management, cyber security and security analysis – with dedicated funding available, too.
The solution is simple. If you're struggling to find the skills you need, get on board with apprenticeships.
Download our free guide to find out everything you need to know about hiring a cyber security apprentice – from how to recruit, how to deliver, how to fund, and how to make apprenticeships easy.
This article includes research and opinion sourced by OneFile at the time of publication. Things may have changed since then,
so this research is to be used at the reader's discretion. OneFile is not liable for any action taken based on this research.