Addressing the cybersecurity skills gap

Last year, the UK government announced plans to conduct an audit into the state of the country’s cybersecurity workforce. This survey planned to examine private businesses as well as public sector organisations and focus on the issues and shortage of training and employment of cyber security professionals.

The investigation came at a time where the cybersecurity industry in the UK witnessed a dramatic increase in opportunities and a shortage in talent. A new report from the Department for Digital, Culture, Media and Sport recently revealed that the UK’s cybersecurity industry is now worth an estimated £8.3 billion, with total revenues in the sector up 46 per cent from £5.7 billion in 2017.

The number of active cybersecurity firms in the UK has increased 44% from 2017 up from 846 in 2017 to over 1,200 at year-end 2019. 

This growth is the equivalent to a new cybersecurity business being set up in the UK every week.

Growing demands

There are now approximately 43,000 full time employees working in the cybersecurity sector. 

The data shows that 2019 was a record year for the sector with more than £348 million of investment and over the last four years (2016-19), total investment identified within the cybersecurity sector has exceeded £1.1 billion, demonstrating how confidence has grown in the industry.

Whilst the demand is great for the economy, the shortage of jobs and education around the industry still poses an issue. Businesses in the cybersecurity industry find it difficult to hire the right candidates. 

Furthermore, according to the 2019 ISC2 Cyber Security Workforce Study, 2.8 million professionals work in cybersecurity around the globe, but an additional 4 million trained workers would be needed to close the skills gap and properly defend organisations.

There is a serious skills shortage across the tech industry and in multiple roles. According to our annual digital skills audit 25% of businesses reported that in the last 12 months they have not been able to fill all of their open vacancies,” says Katie Gallagher, Managing Director  at Manchester Digital, the city’s tech and digital trady body.

“Cybersecurity mirrors the rest of the industry and suffers similar shortages. The only way that companies will solve their recruitment challenges is to roll up their sleeves and focus on growing their own talent pipeline.”

Challenging mindsets

The survey reported in CNBC finds that 65% of organisations report a shortage of cybersecurity staff, and more than a third say that skilled personnel is a top concern.

ISC2 CEO David Shearer said in an article published on CNBC: ″Workers know that they can move virtually wherever they want to because somebody out there is always going to need another cybersecurity professional,” he said, adding that skilled and entry-level workers are needed as the workforce ages.

Shearer adds that talent retention is a continual issue in this tight labour market, and burnout can occur as the number and severity of cyberattacks intensify.

“We need to have skilled people right now that can do the work but we also need to be building the next wave of people coming in to replace those that will be retiring in the not too distant future.”

The culture of the working industry is also a challenge for those looking to hire the right candidate in the cybersecurity sector. The mentality among workers is also slowly shifting, with many candidates now preferring to work as contractors instead of full-time staff.

Alternative education paths

On a Governmental level, there is increasing scrutiny of our education system and its ability to support those who choose alternate career paths. Raising awareness for the cybersecurity industry should start earlier within the higher education system to those interested in pursuing a career in this sector. 

Of course there are new education tools available outside of the traditional classroom such as workshops and courses, designed by those in the cybersecurity industry to attract new talent. 

Courses such as Google Gruyere offers extensive lessons in coding and understanding hackers and IBM’s Security’s Academic Outreach program focuses on partnering with educational and research institutions to develop cybersecurity talent and close the skills gap. 

These tools all encourage collaboration within the cybersecurity community. Collaboration and transparency is the only way education will be able to keep up with the rapidly evolving threat landscape. 

Katie Gallagher adds: “We run two programmes with secondary schools to try and increase the volume of people choosing a career in the tech industry. Digital Futures is a digital skills curriculum support and careers insights programme for schools and colleges in Greater Manchester. 

“It is designed to connect education and industry through role models and industry mentors. We also run Digital Her which is a series of roadshows, a summer school and work experience specifically designed to encourage more young women to enter the industry.”

A not-for-profit venture in Manchester is also disrupting the market and has a true focus on collaboration in helping to tackle cyber crime;The Cyber Resilience Centre is a collaboration between Greater Manchester Police and Manchester Digital.

The mission here is to support local SMEs to become cyber aware and implement services and procedures suitable for their own online practices. Based in the Manchester Tech Incubator at Circle Square alongside other leading data science and innovation technology companies, the Cyber Resilience Centre has access to a bespoke programme of business support which provides them with the ability to scale their business at a much faster rate than anywhere else along with much needed connections to the city’s universities.   

Neil Jones, Director of the Cyber Resilience Centre GM and Head of Innovation at Greater Manchester Police says: “It is estimated that cyber crime costs the Greater Manchester Economy £860 million per year and so it is important that we work in partnership to ensure businesses are kept safe. 

“We’ve got a great opportunity to raise cyber awareness among SMEs; working with universities to recruit junior ethical hackers who will help deliver training to SMEs about how to improve their cyber awareness.”

Due to the current pandemic of COVID-19, businesses are facing heightened security risks and more threats than ever before. The recent crisis has seen many firms battle with cyber-attacks in the form of phishing emails and ransomware, amongst various other forms in this period of uncertainty. In fact, 80% of cyber threats have used COVID-19 as leverage

Nearly every type of established cyber attack has been used with coronavirus themes, including business email compromise (BEC), credential phishing, malware, and spam email campaigns.  The most popular and effective attack is credential phishing. 

As COVID-19 has captured the world’s attention on an unprecedented scale, there’s hardly an industry or sector that hasn’t been affected in some way by the rapid global spread of the pandemic.

The current situation has urged businesses to be more vigilant than ever before about cyber security, potential threats, and, what they can do about it and the signs to look for when training their staff and protecting their internal infrastructures.

Whilst Government support has been made available, businesses are under extreme pressure to mobilise all their forces and infrastructure and are expected to face an increase of cybercrime threats in this period.