As the government launches its National Cyber Security Centre (NCSC), research reveals demand for cybersecurity skills is vastly outstripping supply in the UK, leaving organisations vulnerable to threats.

According to ISACA’s State of Cyber Security 2017 report, 25% of survey respondents believe today’s cybersecurity candidates are lacking in technical skills. Some 45% of respondents said the majority applicants don’t fully understand the complexities of cybersecurity.

More than 1 in 4 companies said the time taken to fill priority cybersecurity and information security positions can be six months or longer.

National Cyber Security Centre

The government today opened the NCSC, a part of GCHQ designed to be the ‘nerve centre’ for the management of cyber incidents.

Based in central London, the NCSC is tasked with making the UK the safest place in the world to live and work online.

At the opening of the centre, NCSC CEO Ciaran Martin said: “We will help secure our critical services, lead the response to the most serious incidents and improve the underlying security of the internet through technological improvement and advice to citizens and organisations.”

The launch of this facility follows the announcement of a five-year National Cyber Security Strategy in November last year, which is to be supported by £1.9bn of investment.

While officially opening today, the government claims the NCSC has been mitigating against attacks and responding to incidents since October.

The Philip Hammond, Chancellor of the Exchequer, highlighted the importance of the digital sector to the UK economy, stating that it is worth over £118bn per year.

“This cutting-edge centre will cement our position as world leader in cybersecurity and work carried out here will ensure our country remains resilient to potential attacks. Britain is transforming its capabilities in cyber defence and deterrence. It’s crucial we take action now to defend ourselves and protect our economy,” he added.

Multidisciplinary approach

Simon Shooter, partner at law firm Bird & Bird, said it’s taken a long time for people to accept cybercrime as a real business risk. Even now many firms make defense against such risks the sole responsibility of their IT departments.

“Dealing with the consequence of a major cyber incident, the people you need around the table are the COO/CEO and people from the legal, compliance and regulatory teams, HR, PR people together with the IT forensics team. It is essential to adopt a multidisciplinary approach,” he said.

Shooter went on to say businesses need to learn from experience and take the time to educate staff as to how to spot and avoid risks. This applies to businesses of all sizes.

“We know cyber risk is a daily threat and that cybercrime is here to stay, it will increase in prevalence, it will increase in sophistication. It is a permanent risk that should be firmly on all boardroom agendas,” he added.

Cybersecurity innovation

Ben Brabyn, head of FinTech accelerator Level39, which houses a high number of cybersecurity startups, believes the creation of the NCSC puts the UK on the map as the global capital of cyber security innovation.

He went on to say large corporates must begin to collaborate with, or purchase from, cybersecurity startups to ensure they’re able to innovate and adequately react to cyber threats.

“The time to invest in cyber security is now, and corporates must open their cheque books to drive innovation.

“Government support combined with a critical mass of startup entrepreneurs can create an ecosystem capable of scale. Now the global corporates holding the world’s data, and the world’s largest IT budgets, need to recognise the threat, and growth potential, of this industry,” Brabyn concluded.