There's a Shortage of Cyber Skills in the UK Workforce: Here's How We Solve It

The UKs cyber security skills shortage is nothing new. It has been highlighted year-on-year by the ESG (or the environmental societal governance) which defines the determining factors in measuring the sustainability and ethical impact of businesses across the UK. 

The criteria as specified by ESG helps to determine the future financial performance of companies based on risk and return. It is considered a key assessment metric that helps investors to determine the projected ROI of any investment. 

Each year IT professionals are asked about the challenges they face and the strategies they employ to combat these challenges. The 2018/2019 survey overwhelming highlighted that the lack of cyber security skills to be the biggest obstacle businesses face today. 51% of respondents admitted that they weren’t confident in carrying out a cyber security risk assessment. 47% said that they lacked confidence in developing cyber security policies. 

Businesses Don’t Feel Confident in their Current Cyber Security Protocols 

That half of businesses don’t feel equipped to manage any cyber security threats is alarming – and highlights the stark shortage of cyber skills that dominates both public and private sector landscapes. A single report discovered that UK businesses faced an average of approximately 146,000 attempted security breaches between April and June this year – or one every 50 seconds.

Despite this there is a distinct lack of cyber skills across the UK workforce, despite 30% of UK businesses attempting to recruit for cyber security role in the past few years. IT professionals and recruiters have cited the embedded legacy of human resources that has proven to be the defining attribute for the lack of candidate sourcing. 

A Change in Perspective

It’s apparent that businesses are uneducated in the finer details of cyber security. This results in a ‘box-ticking’ skillset approach to cyber security recruitment – something that doesn’t necessarily indicate that candidates have the requisite competences to oversee something as vital as enterprise cyber security. This can be exacerbated by companies who can fail to acknowledge some of the soft skills required to perform a cyber security role effectively. 

For instance, technical language can be very alienating to business owners with little experience of cyber security. Being able to clearly explain risk and the actions needed to mitigate aggressive attacks is paramount. Any failure to do so could potentially impact the safety of an organisation. 

Not only that, cyber security threats are increasingly changing – and becoming more sophisticated. HR teams must act to safeguard sensitive commercial data by employing individuals with diverse skillsets. One solution is to upskill IT professionals to address any skills gap. However, this of course, presents its own set of challenges.

So, what can be done to solve the lack of cyber security skills in the UK workforce?

More Emphasis on Education

Given the radical change in the global commercial world since the advent of the digital age and the cost of a university education, it’s perhaps unsurprising that education paths have evolved. Whereas traditional courses are still undertaken by approximately 700,000 undergraduates – a record number – a significant number of people are opting to enter the workforce or undertake vocational training when they finish formative education. 

The evolving commercial world has placed the UK education system under increasing levels of scrutiny to foster alternative career paths. Paul Johnson, director of the institute for fiscal studies, has said that lesser-known but in-demand career paths are seriously underfunded.

It shouldn’t come as much of a shock that the cyber security industry is one of the victims of this lack of funding. The increasing sophistication of nefarious attacks places a demand for a skilled workforce that can offer expansive and definitive enterprise solutions. With incursions increasing, training more people in fundamental cyber security skills as a pathway to build a career as a specialist will have long-lasting benefits to both the and our corporate digital ecosystem. 

Better Training Programmes

The lack of vocational cyber security IT professionals means that businesses have been forced to find alternative ways to upskill their teams. This seems almost inconceivable given the constant and severe cyber security threats that businesses are under, however in 2019, it’s the reality. 

It might not be too ambitious to suggest that in the coming years a wide-reaching cyber security industry emerges to tackle the problem of threat incursion. However, as of the end of 2019, this isn’t even on the cusp of becoming a reality. 

There are educational courses that IT professionals can undertake, however the growth of such courses has stagnated over the last few years. Also, such courses aren’t necessarily equipped to tackle the evolving landscape of cyber security environment. Practical application and continual learning are thought of as the best ways to tackle increasingly sophisticated attacks. 

However, if you look at security from a hacking perspective, understanding the ethos of those would-be criminals, it could be possible to design niche security measures with the potential to comprehensively safeguard sensitive commercial data. This, perhaps, is the best way of equipping professionals with the creativity and ethos to understand how criminals think online and to design a series of protocols to aptly safeguard commercial data.

Improve the Recruitment Process

It’s generally acknowledged that there is a tendency to generalise cyber security recruitment. People are recruited for roles based on a set of metrics: education, experience, acumen, personality etc. However, each role and each employer are different. Some favour educational background over personality. Others believe personality to be a central attribute, allowing employees to effortlessly slot into the culture of the company. Then there’s the level of competency in managing, often, large-scale enterprise security. 

There is no single type of security attack. There is no single commercial solution. Cyber security is a nuanced sector and as such professions within that sector are likely to be nuanced too. Any commercial cyber security recruitment process needs to embody the bespoke requirements of the advertised role. 

What does this mean? Some IT professionals may be well-versed in cloud security but have limited experience managing Internet of Things security. Some candidates may understand how to manage critical infrastructure security but be less confident tackling network security. 

When undertaking any recruitment process, employers need to make sure that the job they are advertising includes specific elements. Just writing cyber security as a bullet point on a job advertisement for an IT professional hardly denotes specificity. 

How We Solve the Shortage of Cyber Skills in the UK Workforce

There is no simple fix to the shortage of cyber skills in the UK workforce. Improved understanding of diverse cyber security needs, more focused and continual training and a streamlined recruitment process will all help employers to identify and hire the right individuals to confidently manage their cyber security. 

Then there’s the recent campaign by the Department of Digital, Culture, Media and Sport (DCMS) designed to get more people into the cyber security sector. With the goal of providing an accessible career path for anyone interested in cyber security, it’s hoped that this initiative will help to build a robust cyber security talent pool.

Ultimately, the problem of a lack of cyber security skills is something that needs to be addressed. The more we rely on our online and digital ecosystem to manage our commercial lives the more tailored cyber security measures will need to be implemented. The lack of skilled individuals leaves us all vulnerable. The sooner that appropriate measures are rubberstamped, and actions taken, the safer we’ll all be.