The UK is struggling in its battle against cybercrime. This is not due to a lack of determination, investment, or of strong leadership from the central government (The government is, if anything, taking cybercrime more seriously than previous administrations). Rather, the cyber security industry is currently beset with a significant skills shortage which, with the best will in the world, makes it hard to plug all the gaps. It’s a case of all hands on deck, but not enough hands.
According to a report by the National Audit Office (NAO) released in February 2013, cybercrime could cost the UK up to £27 billion per year. NAO head Amyas Morse explained:
The threat to cyber security is persistent and continually evolving. Business, government and the public must constantly be alert to the level of risk if they are to succeed in detecting and resisting the threat of cyber attack.
Yet at the same time, attempts to deal with this continuing threat are undermined by a lack of cyber security experts. It seems that simply not enough candidates are chasing IT security jobs. TechWeek Europe reported:
The NAO says that the number of IT and cyber security professionals in the UK has failed to increase in line with the growth of the Internet sector.
The NAO report notes that between 2003 and 2010, the number of students taking IT courses at university fell by some 27 per cent. Indeed, academics interviewed by the NAO suggested it could take 20 years or more to make up this skills shortage.
Fortunately, both the public and private sectors are showing signs of listening, and a number of initiatives have been undertaken to increase the number of cyber security professionals working throughout the UK.
In the Defence industry, for instance, BAE Systems is taking a significant lead. The company announced in February this year, according to the Daily Telegraph, that it was:
[…] recruiting more graduates for its cyber and security operations than any other parts of its UK business as it steps up its anti-hacking prowess […] Out of a 287 graduate intake, 120 places are earmarked for the cyber posts with its Applied Intelligence subsidiary.
The graduates working for this subsidiary, Detica, according to its Director Martin Sutherland, will fight fraud and help companies to more effectively manage the mountains of data available.
Meanwhile, the UK government has just given its backing to a new Open University Cyber Security course that gets underway in September. Ultimately, the course aims to inject around 200,000 skilled employees into the cyber security sector.
Moreover, the Government is now playing an increasingly active part in the Cyber Security Challenge, described on its website as:
[…] a series of national competitions, learning programmes, and networking initiatives designed to identify, inspire and enable more EU citizens resident in the UK to become cyber security professionals.
It explicitly aims to bolster the nation’s pool of cyber skills.
All in all, the government is certainly making a determined, principled and energetic effort to reduce, and eliminate the UK’s cyber security skills shortage. Ultimately, such a deficit of trained experts should concern the users of digital technology throughout the country.
About Acumin
Acumin is an international Information Security and Risk Management recruitment and executive search specialist. We specialise in the professions of Information Security & Risk Management, Governance & Compliance, Penetration Testing, Forensics, Intrusion Analysis, Technical Security, Business Continuity Management, Sales Engineering, Sales & Marketing, Public Sector Security and Executive Management.
Acumin provide a range of services which include contingency Permanent Recruitment, Contract Recruitment and retained Executive Search. For SMB and Enterprise End User clients Acumin facilitate the development of internal Information Security and Risk Management teams across the UK, Europe and United States.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.