Half Of UK Business Has A Critical Cyber Skills Gap

The number of UK companies with a basic cyber security skills gap has dropped since 2018 but still stands at around half of all businesses, according to a new government study from the Department for Digital, Culture, Media and Sport (DCMS). The report is compiled from analysis of labor market databases, interviews with training providers and quantitative surveys with UK organisations.
 
Although down from 54% in 2018, 48% of firms still have staff unable to carry out the basic tasks outlined in the government’s Cyber Essentials scheme, such as setting up firewalls, storing data and removing malware.
 
The skills gap is exacerbated by Brexit uncertainty as 73% of participants in the study state that Brexit is a major concern when they are considering hiring cybersecurity professionals from outside of the UK. 95% expect that Brexit will widen the skills gap further as there are many IT security professionals already working in the UK, from other countries. This could be due to the lack of advanced cybersecurity education available in the UK.
 
The Report says that only half of businesses (50%) and charities (49%) say they have carried out an internal or external audit in the last 12 months. 
 
The research also suggests that the quality of these audits varies greatly. In some cases, external audits were broader financial audits that covered aspects of cyber security but did not focus on the topic. From the DCMS report onl a minority of organisations have carried out andy of the following actions:  
  • Report being insured against cyber risks (32% of businesses and 31% of charities)
  • Have reviewed the cyber security risks presented by suppliers (15% of all businesses, 43% of large businesses specifically, and 13% of charities)
  • Have reported cyber security breaches to anyone beyond their IT or cyber security providers (27% of businesses and 38% of charities, among those that identified any breaches or attacks).
The qualitative research also suggests that current communications, both around supplier risks and reporting of breaches, can be confusing for organisations.
 
The report claimed that 30% of UK businesses also lacked more advanced cyber-skills in areas such as pen testing, forensics and security architecture, while over a quarter were understaffed in terms of incident response (27%).
 
Other skills in high demand included: threat assessment or information risk management, assurance, audits, compliance or testing, cybersecurity research, implementing secure systems and governance and management. 
  • Two-thirds (64%) admitted they suffered problems with cybersecurity skills gaps and a quarter (25%) complained that this had seriously impacted business goals.
  • A third (35%) of employers reported vacancies being hard to fill, either because applicants lacked technical skills or knowledge (43%) or relevant soft skills (22%).
  • The government report also claimed that just 15% of the current cybersecurity workforce is female, much less than the 24% global figure reported by (ISC)2.
  • Diversity is lacking elsewhere: just 16% come from ethnic minority backgrounds and only 9% were classed as neuro-divergent.
More businesseshave carried out a formal analysis of their training needs in 202 (22% versus 14%) in 2018 and more consider it essential to have incident response skills (23% versus 17%).
 
The government called for greater investment in technical skills and training, more relevant courses from schools, universities and training providers, and a more open attitude from recruiters. “Many employers could benefit from broadening their recruitment practices, to employ more career starters, apprentices, graduates, people transitioning from other sectors or roles outside cybersecurity, and those from diverse groups,” the report says. 
 
GOVUK:      Infosecurity Magazine:    Professional Security      TheDefenceWorks:   
 
Looking For A Career In Cybersecurity?
Our Directory of Suppliers lists Job sites and Recruitment firms focused on Cybersecurity talent acquisition, job placements & career development:  HERE 
 
You Might Also Read: 
 
The Scope Of A Cyber Security Audit:
 
Take Action On Cyber Security Training:
 
 
 
 
 
« New Cyber Security Jobs
Cyber Attacks Up 500% In A Month »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Maureen Data Systems (MDS)

Maureen Data Systems (MDS)

Our mission at Maureen Data Systems is to digitally transform business environments with the use of cloud infrastructure, security and privacy controls, data analytics, and managed services.

Bloombase

Bloombase

Bloombase is the leading innovator in Next-Generation Data Security solutions for Global 2000-scale organizations

Miller Group

Miller Group

Miller Group is an IT managed service provider. We proactively monitor and manage your entire business computer network. Services include backup & recovery and cyber security.

Tukan IT

Tukan IT

Tukan IT provides a data classification and protection solution.

HudsonCyber

HudsonCyber

HudsonCyber, part of HudsonAnalytix, provides leading cyber risk management services for the global maritime transportation industry.

National Cybersecurity Institute (NCI) - Excelsior College

National Cybersecurity Institute (NCI) - Excelsior College

NCI is Excelsior College’s research center dedicated to assisting government, industry, military and academic sectors meet the challenges in cybersecurity policy, technology and education.

Bl4ckswan

Bl4ckswan

Bl4ckswan is a Management Consulting firm specialized in the delivery of information security and compliance services.

Cyber Security Courses

Cyber Security Courses

Cyber Security Courses was formed to help students in the UK find cyber security courses online.

ISA Security Compliance Institute (ISCI)

ISA Security Compliance Institute (ISCI)

ISCI, a not-for-profit automation controls industry consortium, manages the ISASecure™ conformance certification program for industrial automation and control systems.

Internetwork Defense (IND)

Internetwork Defense (IND)

Internetwork Defense is a premier provider of Information Security Training and Business Consulting Services in the Mid-Atlantic region.

WhiteHawk

WhiteHawk

WhiteHawk is the first online Cyber Security Exchange. We help you understand your cyber risk and match you to tailored and affordable solutions.

Graylog

Graylog

Graylog provides answers to your team’s security, application, and IT infrastructure questions by enabling you to combine, enrich, correlate, query, and visualize all your log data in one place.

MainNerve

MainNerve

MainNerve helps secure networks, applications, people, and facilities… enabling businesses to reduce risk and increase their cybersecurity posture.

Cynomi

Cynomi

Cynomi is a leading strategic cybersecurity operations platform that automates cybersecurity knowledge and expertise to empower teams with little to no in-house expertise.

AccountabilIT

AccountabilIT

AccountabilIT is a full spectrum information technology services firm for enterprises with complex information technology needs seeking relief from those challenges.

SEALSQ

SEALSQ

For the last 25 years, SEALSQ have been developing secure semiconductor chips, secure embedded firmware, and tested hardware provisioning services to serve the vision of a safer connected world.