The state of the cyber security skills gap

Organisations have a wealth of skills gaps to address, but few are as important as the one seen in cyber security

We speak a lot about the technology skills gap and the tremendous strain that it puts on UK businesses. Many skills are in high demand, and not finding tech talent that is the right fit, right now, can grind projects to a halt – but one skill set can have a potentially severe impact on your business if a skills gap is not addressed: cyber security.

The Government’s Department for Digital, Culture, Media & Sport (DCMS), working with Ipsos, released their report assessing cyber security skills in the UK labour market earlier this year. It shows just how widespread the cyber security skills gap is and the issues that organisations of all sizes face.

Essential cyber security skills gap statistics

  • Half of all businesses have just one employee responsible for cyber security
  • Larger organisations (250+ staff) rarely have a cyber security team of more than five people
  • Almost half (49%) of all cyber firms have faced problems thanks to a cyber security skills gap, either among existing staff or among job applicants
  • The cyber security recruitment pool faces an estimated shortfall of 14,100 people

Organisations are still struggling with cyber security essentials

The Government launched the Cyber Essentials scheme in June 2014 so organisations of all sizes and operating in all industries could improve their cyber security and “protect themselves against common online security threats”. Five essential areas were identified:

  • Boundary firewalls and internet gateways
  • Secure configurations
  • User access controls
  • Malware protection
  • Patch management

Many organisations outsource their cyber security needs. Those that don’t pay for outsourcing struggle to find the talent they need to perform their cyber security tasks confidently. When companies with in-house cyber security were asked about their competencies in the Government’s five essential areas (and other common cyber security tasks identified by DCMS), concerning skills gaps were found.

business confidence in cyber security tasks
Source: DCMS

More than a third of businesses aren’t confident setting up configured firewalls, or detecting and removing malware. Storing and transferring personal data securely is a common concern for customers – this is with good reason as 29% of businesses aren’t confident in their ability to carry out these tasks.

industry confidence in cyber security tasks
Source: DCMS

When viewing this data separated by organisation type (below), you can see how many charities lack the confidence to carry out even common tasks like creating backups and setting up automatic updates. Charities regularly struggle with digital confidence and capabilities because their funding can fluctuate, and resources are primarily given to people who benefit from their cause. Unfortunately, this can leave their digital systems worryingly under-supported and vulnerable to attacks – a disaster for organisations that store sensitive information from people they help and those who donate to them.

The Cyber Essentials scheme is in place to provide organisations with resources and certifications that will protect them. However, with a lack of digital confidence, these organisations may simply ‘not know what they don’t know’ and be unsure how to address their cyber security deficiencies.

businesses with only one cyber security employee
Source: DCMS

The cyber security talent pool is shrinking

One of the most startling stats revealed in the research is that half of all businesses have just one employee responsible for their cyber security. This is naturally most common in micro-businesses (1-9 members of staff) although the fact that one in eight (12%) large companies also have a lone cyber security employee is hugely concerning. These are businesses with at least 250 staff, meaning potentially 0.4% of a company’s workforce is dedicated to protecting it from cyber-attacks and data loss.

These small teams are catalysts for the lack of confidence discussed earlier. A company simply cannot expect to improve the security of its systems and keep up with its transformation plans if only one member of staff is responsible for it. Herein lies the interesting wrinkle in the state of the cyber security sector: tech talent appears to be snapped up by dedicated security firms, meaning there’s a lack of prospects when businesses try to hire in-house security specialists.

Consider this: the DCMS reported that, in 2021, “UK-registered cyber security firms attracted record levels of external investment, with more than £1 billion secured across 84 deals by companies.” However, the DCMS has also found that the cyber security talent pool is shrinking. It projects that there is a shortfall of 14,100 people, based on the following estimates for 2022:

  • Inflow of new talent: 7,500 people
  • Outflow of talent leaving cyber security: 4,600 people
  • Growth of cyber security industry: 13% (requiring an additional 17,000 people)

How to address the cyber security skills gap

As mentioned earlier, a common solution many organisations turn to is outsourcing their security needs to another company. But security shouldn’t be seen as a ‘project’ that you need support delivering – it’s an essential part of your operations.

Working with a cyber security firm has its benefits, but also ties your business into an indefinite relationship that can prove costly (you are at the mercy of your security provider’s prices) and difficult to end (changing provider requires securely transferring massive amounts of data from your old security provider to your new one).

There is a natural preference for organisations to control and protect their own data. Despite the issues identified in the cyber security talent pool, you can still bring new talent into your organisation so you can improve confidence in your security while keeping control of it. It starts with speaking to a tech academy provider who can supply you with the talent you need exactly when you need it.

At the Ten10 Academy, we train our Academy Engineers in the latest technology and place them into organisations so they can make a difference from day one. Cyber security is a specialist pathway in our Ten10 Academy training, meaning you can grow your team cheaper than outsourcing to another company and quicker than recruiting someone from scratch.

Learn more about the Ten10 Academy

See how we can help your organisation take control of its cyber security with help from our Academy Engineers. Read about our award-winning Ten10 Academy and the stellar training we give the new generation of technologists.