New Government report, released today, on cyber security skills in the UK labour force. Some of the headline statistics include:
- Approx. 653,000 businesses (48%) have a basic skills gap. That is, the people in charge of cyber security in those businesses lack the confidence to carry out the kinds of basic tasks laid out in the government-endorsed Cyber Essentials scheme, such as setting up configured firewalls, storing or transferring personal data, and detecting and removing malware
- It is not common for businesses overall to invest in training for staff in cyber roles (24% have done so)
- Around 7 in 10 cyber sector businesses (68%) have tried to recruit someone in a cyber role within the last 3 years. These employers reported a third (35%) of their vacancies as being hard to fill
Today’s cyber skills report shows a third of vacancies are hard to fill, which is concerning, but not particularly surprising. It’s hard to find the right people to fill cyber security job roles, there’s no two ways about it. One big piece of recruitment advice for businesses would be to look after your own, as word of mouth and recommendations go a long way. Similarly, if you provide a supportive and interesting environment to work in, then you will encourage more people to join.
Recruiting cyber skills is only half the battle; the other half is retaining staff and making sure new recruits are actually effective in their roles. For the former, businesses should look for technologies that can help keep existing security teams interested and engaged, as well as operating more proactively, rather than, for example, constantly responding to security alerts. For new recruits, training that covers the full depth and breadth of the digital risks the business is facing is critical, yet often sporadic. What tools, applications and software does the business use and what would the impact be if one of these suffered an outage or breach? Which third parties do they work with, what level of access do they have? Compounding this, ambitious digital transformation initiatives have created unprecedented challenges, complexities and digital risks that organisations’ security, IT and risk teams must now manage. Robust training will help those employees better understand the business’ digital risk landscape, enabling them to tackle issues faster and ensure they are more effective in the role.