Cyber security skills gap in the UK

Reading Time: 4 minutes The cyber security industry is experiencing a global skills shortage as advancing technology begins to outpace the speed at which professionals can assess the threats.

Cyber Security

Written by:

Reading Time: 4 minutes

Skills gap currently and predictions

The cyber security industry is experiencing a global skills shortage as advancing technology begins to outpace the speed at which professionals can assess the threats. As technology becomes ever more essential to almost every industry, the need for security staff continues to grow. The UK is feeling the shortage acutely and has even produced the Initial National Cyber Security Skills Strategy in an attempt to tackle the issue. 

As organisations across the country experience the lack of professionals with the skills to protect them from malicious actors, the problem is only predicted to get worse. By 2021, there is expected to be 3.5 million unfilled jobs in the cyber security sector. As businesses scramble to snag the best-performing candidates in the job market, countless companies will be left with poor quality cyber defences in a world where cyber crime is becoming an increasingly larger threat.

The global industry

The UK’s cyber security shortage reflects the general health of the industry, as roles go unfilled on every continent. The US predicts a shortage of 1.8 million by 2022, up from 1.5 million in 2015 while there are currently 142,000 unfilled specialist jobs just in Europe. As of the end of last year, the global shortage had already reached 3 million and shows no sign of slowing down.

Not only will UK employers have to compete with each other, they will also have to ensure that their roles are competitive globally to secure the best staff possible from the talent pool.

In-demand global skills

Though most cyber security professionals start their careers with a qualification in computer science, as new technologies continue to emerge in the world of work, these courses may not be providing the sufficient training graduates will need to enter the market. Most cyber security courses start at master’s level and information security is not given a wide range of attention on many undergraduate courses. 

Comparing some of the most in-demand cyber security skills with course listings on UCAS shows that, for some of the latest emerging technologies like Internet of Things and cloud computing, there are very few courses with any dedicated modules. Additionally, only one course listed on UCAS mentions penetration testing, a role which is soon likely to be required by organisations in every field.

Confidence of industries in specific areas

According to research by the Department for Digital, Culture, Media & Sport, organisations need penetration testing skills the most, with an average of 53% saying they were not confident in performing the task. The discrepancy between the demand for this skill and its non-existent presence on syllabuses shows just one way in which the divide between industry and education is influencing the skills gap.

The majority of those working as ethical hackers globally are self-taught, suggesting that those with the necessary drive will be the most successful. However, in order to support entry-level cyber security professionals, education courses should be focusing on these kinds of skills to ensure that standardised and professional training is readily available.

Popular professional qualifications

Training current staff to fill holes in the organisation is another priority which should be addressed to support the skills gap. Specialist jobs are more likely to be left vacant when compared with entry-level positions so until education comes into line with the industry businesses should be taking the initiative to nurture their staff in line with the business’ objectives.

Professional qualifications can also help staff develop their soft skills, another area lacking in the cyber security industry. By developing well-rounded employees with specialist knowledge and management training, organisations can tackle their own skills gaps and reduce the pressure on new entrants to the job market.

Universities offering specific courses

UCAS lists over 1,000 computer science degrees in the UK but degrees with a cyber security focus are distinctly lacking. A list of GCHQ-approved master’s courses shows institutions across England and Scotland which have dedicated courses for cyber security. However, there are only four specific bachelor’s degree courses approved by the National Cyber Security Centre. 

While it is not the responsibility of education providers to train students with the sole intention of getting a job, it’s vital that there is some co-operation in which students receive the training they need to be successful. It is difficult to predict which tech trends will last and for this reason, education providers can’t simply alter their courses without careful consideration. 

On the other hand, there is no doubt that cyber security is only going to become more essential in the coming years and initiating students’ interest in the field is a good way to start closing the gap. Not only this, but the responsibility of cyber security will soon pervade the job roles of all tech staff so a basic understanding of cyber security principles will encourage cyber health across the board.

Gender inequality

Gender inequality in the tech sector is commonly discussed as an issue and is doing the skills gap no favours. Many industries, such as engineering, have turned their focus to the gender gap and have noticed that diversity is a plausible way to tackle worker shortages. Just 17% of the UK’s tech workforce are women and only 16% of cyber security students for the year 2016/17 were women. 

Ensuring that women are encouraged to consider cyber security as a career is essential and promoting women’s presence at every level of the industry is sure to help close the skills gap in the coming years.

Neurodivergence

A growing discussion in the cyber security industry is how promoting neurodivergence will help tackle the skills gap. In much the same way as gender inequality should be tackled, the cyber security industry should be a welcoming place for all candidates to prove themselves regardless of identity. 

NeuroCyberUK is a group devoted to supporting neurodiverse individuals bring their talents to the cyber security sector. Identifying ways that the cyber security industry can open itself to more prospective candidates will be beneficial not only to the industry but to the UK workforce in general.

The cyber security skills gap is a deeply complicated issue which will require commitment from professionals, education providers and employers alike. Essentially, these groups will have to work together to keep our digital landscape secure and keep up with the hackers becoming more sophisticated every day.

This article was written by Damon Culbert from Cybersecurity Professionals, worldwide cyber security jobsite.