China’s new draft cyber law will ban all export of data deemed as posing a security threat
The research indicates that the cybersecurity skills gap remains stagnant, posing significant challenges to businesses and organisations. iStock

A recent report commissioned by the Department for Science, Innovation and Technology (DSIT) has unveiled concerning findings about the state of cybersecurity skills in the UK labour market.

The research indicates that the cybersecurity skills gap remains stagnant, posing significant challenges to businesses and organisations across the nation. Despite an increase in demand for cybersecurity professionals, the lack of skilled individuals continues to be a persistent issue.

The report highlights that a substantial number of UK businesses are grappling with technical skills gaps, incident response skills gaps, and governance skills gaps in their cybersecurity workforce.

Approximately 50 per cent of businesses suffer from basic skills gaps, where cyber professionals lack confidence in performing fundamental tasks outlined in the government-endorsed Cyber Essentials scheme. The lack of support from external cybersecurity providers further exacerbates the situation.

Moreover, 33 per cent of businesses face more advanced skills gaps, particularly in areas such as forensic analysis of breaches, security architecture, interpreting malicious code, and penetration testing. A concerning 41 per cent of businesses experience internal skills gaps in incident response and recovery, indicating a lack of cyber resources within their organisations.

Interestingly, the report reveals that the figures for basic and advanced technical skills gaps have remained relatively unchanged over the past five years. However, the proportion of businesses struggling with incident management skills is on the rise, increasing from 27 per cent in 2020 to 41 per cent in the current year.

A recurring issue identified in the research is the struggle some cybersecurity leads face in engaging senior leadership with cybersecurity matters. While some senior leaders acknowledge the importance of cybersecurity, it is not always prioritised adequately. Additionally, a lack of resources often hinders effective cybersecurity implementation, causing cybersecurity leads to feeling pressurised and stretched thin as they juggle various roles within their organisations.

The report further delves into the challenges faced by the cyber sector itself. Approximately 49 per cent of cyber firms have encountered technical cybersecurity skills gaps, either among their existing staff or among job applicants.

Additionally, 22 per cent of cyber sector employers report having employees who lack essential technical skills, while 44 per cent state that job applicants they have seen are also lacking necessary technical competencies. The most common areas cited for technical skills gaps are security testing, cyber security governance and risk management, and secure system architecture and design.

Despite the skills gaps, the demand for cybersecurity professionals continues to rise. In 2022, there were 160,035 job postings related to cybersecurity, with an average of 5,921 core cyber roles posted each month. While the demand showed signs of a slight slowdown in the second half of 2022, it remains historically high.

However, the employment rate in the cyber workforce has increased by 10 per cent in the last year, indicating a need for 13,500 new professionals annually to meet demand. The report suggests that the total requirement to fulfil the workforce gap is approximately 18,200 individuals per year. Although this is lower than previous estimates, the persistent gap remains an annual challenge for the sector.

The report highlights the importance of diversity within the cybersecurity workforce. While the data indicates some progress in terms of representation, the figures reveal that more women and ethnic minorities need to be encouraged to enter the industry. Only 17 per cent of the workforce is female, with women accounting for 14 per cent of those in senior roles. Additionally, 22 per cent of the cyber workforce is from ethnic minority backgrounds, while 14 per cent of those in senior roles belong to ethnic minorities.

Initiatives like the UK Cyber Security Council's Careers Route Map aim to support individuals with transferable skills in transitioning to cyber roles. However, employers report difficulties recruiting staff from diverse groups due to limited candidate pools and concerns about the associated costs.

Concluding the report, the UK government's cybersecurity skills gap report for 2023 indicated a pressing need for targeted efforts to bridge the gaps and meet the increasing demand for cybersecurity professionals. As cyber threats continue to evolve, addressing these challenges is vital to ensuring the nation's cyber resilience. Improving diversity and widening the talent pool are crucial components of this effort.