Half Of UK Business Has A Critical Cyber Skills Gap

The number of UK companies with a basic cyber security skills gap has dropped since 2018 but still stands at around half of all businesses, according to a new government study from the Department for Digital, Culture, Media and Sport (DCMS). The report is compiled from analysis of labor market databases, interviews with training providers and quantitative surveys with UK organisations.
 
Although down from 54% in 2018, 48% of firms still have staff unable to carry out the basic tasks outlined in the government’s Cyber Essentials scheme, such as setting up firewalls, storing data and removing malware.
 
The skills gap is exacerbated by Brexit uncertainty as 73% of participants in the study state that Brexit is a major concern when they are considering hiring cybersecurity professionals from outside of the UK. 95% expect that Brexit will widen the skills gap further as there are many IT security professionals already working in the UK, from other countries. This could be due to the lack of advanced cybersecurity education available in the UK.
 
The Report says that only half of businesses (50%) and charities (49%) say they have carried out an internal or external audit in the last 12 months. 
 
The research also suggests that the quality of these audits varies greatly. In some cases, external audits were broader financial audits that covered aspects of cyber security but did not focus on the topic. From the DCMS report onl a minority of organisations have carried out andy of the following actions:  
  • Report being insured against cyber risks (32% of businesses and 31% of charities)
  • Have reviewed the cyber security risks presented by suppliers (15% of all businesses, 43% of large businesses specifically, and 13% of charities)
  • Have reported cyber security breaches to anyone beyond their IT or cyber security providers (27% of businesses and 38% of charities, among those that identified any breaches or attacks).
The qualitative research also suggests that current communications, both around supplier risks and reporting of breaches, can be confusing for organisations.
 
The report claimed that 30% of UK businesses also lacked more advanced cyber-skills in areas such as pen testing, forensics and security architecture, while over a quarter were understaffed in terms of incident response (27%).
 
Other skills in high demand included: threat assessment or information risk management, assurance, audits, compliance or testing, cybersecurity research, implementing secure systems and governance and management. 
  • Two-thirds (64%) admitted they suffered problems with cybersecurity skills gaps and a quarter (25%) complained that this had seriously impacted business goals.
  • A third (35%) of employers reported vacancies being hard to fill, either because applicants lacked technical skills or knowledge (43%) or relevant soft skills (22%).
  • The government report also claimed that just 15% of the current cybersecurity workforce is female, much less than the 24% global figure reported by (ISC)2.
  • Diversity is lacking elsewhere: just 16% come from ethnic minority backgrounds and only 9% were classed as neuro-divergent.
More businesseshave carried out a formal analysis of their training needs in 202 (22% versus 14%) in 2018 and more consider it essential to have incident response skills (23% versus 17%).
 
The government called for greater investment in technical skills and training, more relevant courses from schools, universities and training providers, and a more open attitude from recruiters. “Many employers could benefit from broadening their recruitment practices, to employ more career starters, apprentices, graduates, people transitioning from other sectors or roles outside cybersecurity, and those from diverse groups,” the report says. 
 
GOVUK:      Infosecurity Magazine:    Professional Security      TheDefenceWorks:   
 
Looking For A Career In Cybersecurity?
Our Directory of Suppliers lists Job sites and Recruitment firms focused on Cybersecurity talent acquisition, job placements & career development:  HERE 
 
You Might Also Read: 
 
The Scope Of A Cyber Security Audit:
 
Take Action On Cyber Security Training:
 
 
 
 
 
« New Cyber Security Jobs
Cyber Attacks Up 500% In A Month »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cambray Solutions

Cambray Solutions

Cambray Solutions specializes in locating and securing technical professionals, managers, and executives.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

Capita

Capita

Capita is a consulting, digital services and software business, providing end-to-end enterprise IT services and solutions focused around digital transformation and innovation.

Stormshield

Stormshield

Stormshield is a European leader in digital infrastructure security. We offer smart, connected solutions in order to anticipate attacks and protect digital infrastructures.

VTT Technical Research Centre of Finland

VTT Technical Research Centre of Finland

VTT is the leading research and technology company in the Nordic countries. Areas of activity include cyber security.

Schneider Electric

Schneider Electric

Schneider Electric develops connected technologies and solutions to manage energy and process in ways that are safe, reliable and sustainable.

Riskified

Riskified

Riskified is a leading eCommerce fraud-prevention company, trusted by hundreds of global brands – from luxury fashion houses and retail chains, to gift card and ticket marketplaces.

Block Armour

Block Armour

Block Armour is a Mumbai and Singapore based venture focused on harnessing emerging technologies to counter growing Cybersecurity challenges in bold new ways.

Infosec (T) Ltd

Infosec (T) Ltd

Infosec (T) Limited is an independent Tanzania based consultancy specializing in IT governance, information security and IT audit.

Ecubel

Ecubel

Ecubel is the market leader in Belgium in buying and selling used IT harware guaranteed by a certified data erasure.

ComoNExT Innovation Hub

ComoNExT Innovation Hub

ComoNExT is a Digital Innovation Hub and a startup incubator with a focus on the issues of digital transformation and Industry 4.0.

Y-PARC

Y-PARC

Y-PARC is a center of excellence for cybersecurity, precision industries and medtech, fostering innovation and development and support for startups.

Ackcent Cybersecurity

Ackcent Cybersecurity

Ackcent's mission is to help our clients to protect their critical digital assets by providing them with a portfolio of specialised professional services.

AEWIN Technologies

AEWIN Technologies

AEWIN is professional in the fields of Network Appliance, Cyber Security, Server, Edge Computing and an ODM/OEM expert.

Cymptom

Cymptom

At Cymptom our purpose is to enable security managers to see at a glance all urgently risky gaps  in their organizations’ security posture at any given moment.

Netox

Netox

Netox is a comprehensive IT service provider that combines IT support services, IT solutions and specialist services; specializing in cybersecurity solutions.