Half Of UK Business Has A Critical Cyber Skills Gap

The number of UK companies with a basic cyber security skills gap has dropped since 2018 but still stands at around half of all businesses, according to a new government study from the Department for Digital, Culture, Media and Sport (DCMS). The report is compiled from analysis of labor market databases, interviews with training providers and quantitative surveys with UK organisations.
 
Although down from 54% in 2018, 48% of firms still have staff unable to carry out the basic tasks outlined in the government’s Cyber Essentials scheme, such as setting up firewalls, storing data and removing malware.
 
The skills gap is exacerbated by Brexit uncertainty as 73% of participants in the study state that Brexit is a major concern when they are considering hiring cybersecurity professionals from outside of the UK. 95% expect that Brexit will widen the skills gap further as there are many IT security professionals already working in the UK, from other countries. This could be due to the lack of advanced cybersecurity education available in the UK.
 
The Report says that only half of businesses (50%) and charities (49%) say they have carried out an internal or external audit in the last 12 months. 
 
The research also suggests that the quality of these audits varies greatly. In some cases, external audits were broader financial audits that covered aspects of cyber security but did not focus on the topic. From the DCMS report onl a minority of organisations have carried out andy of the following actions:  
  • Report being insured against cyber risks (32% of businesses and 31% of charities)
  • Have reviewed the cyber security risks presented by suppliers (15% of all businesses, 43% of large businesses specifically, and 13% of charities)
  • Have reported cyber security breaches to anyone beyond their IT or cyber security providers (27% of businesses and 38% of charities, among those that identified any breaches or attacks).
The qualitative research also suggests that current communications, both around supplier risks and reporting of breaches, can be confusing for organisations.
 
The report claimed that 30% of UK businesses also lacked more advanced cyber-skills in areas such as pen testing, forensics and security architecture, while over a quarter were understaffed in terms of incident response (27%).
 
Other skills in high demand included: threat assessment or information risk management, assurance, audits, compliance or testing, cybersecurity research, implementing secure systems and governance and management. 
  • Two-thirds (64%) admitted they suffered problems with cybersecurity skills gaps and a quarter (25%) complained that this had seriously impacted business goals.
  • A third (35%) of employers reported vacancies being hard to fill, either because applicants lacked technical skills or knowledge (43%) or relevant soft skills (22%).
  • The government report also claimed that just 15% of the current cybersecurity workforce is female, much less than the 24% global figure reported by (ISC)2.
  • Diversity is lacking elsewhere: just 16% come from ethnic minority backgrounds and only 9% were classed as neuro-divergent.
More businesseshave carried out a formal analysis of their training needs in 202 (22% versus 14%) in 2018 and more consider it essential to have incident response skills (23% versus 17%).
 
The government called for greater investment in technical skills and training, more relevant courses from schools, universities and training providers, and a more open attitude from recruiters. “Many employers could benefit from broadening their recruitment practices, to employ more career starters, apprentices, graduates, people transitioning from other sectors or roles outside cybersecurity, and those from diverse groups,” the report says. 
 
GOVUK:      Infosecurity Magazine:    Professional Security      TheDefenceWorks:   
 
Looking For A Career In Cybersecurity?
Our Directory of Suppliers lists Job sites and Recruitment firms focused on Cybersecurity talent acquisition, job placements & career development:  HERE 
 
You Might Also Read: 
 
The Scope Of A Cyber Security Audit:
 
Take Action On Cyber Security Training:
 
 
 
 
 
« New Cyber Security Jobs
Cyber Attacks Up 500% In A Month »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NextPlane

NextPlane

NextPlane provide secure real-time B2B unified communication and collaboration solutions within and across business systems.

Fortra

Fortra

Fortra (formerly HelpSystems) is your cybersecurity ally, unified through the mission of providing solutions to organizations' seemingly unsolvable cybersecurity problems.

Garland Technology

Garland Technology

Garland Technology specializes in network access points (TAPs) for 100% visibility allowing you to see every bit, byte, and packet flowing through your network.

TOAE Security

TOAE Security

TOAE Security is a trusted cyber security consulting partner helping today's leading organizations protect their most important assets from evolving cyber threats.

Transpere

Transpere

Transpere provides IT Asset Disposition (ITAD), Data Destruction, Electronic Recycling and Onsite Data Services.

QNu Labs

QNu Labs

QNu Labs’s quantum-safe cryptography products and solutions assure unconditional security of critical data on the internet and cloud across all industry verticals, globally.

AUREA Technology

AUREA Technology

The photon counter SPD_OEM_NIR from AUREA Technology is designed for quantum key distribution at telecom wavelengths.

Keeper Security

Keeper Security

Keeper is a leading enterprise password manager and cybersecurity platform for preventing password-related data breaches and cyberthreats.

Cynomi

Cynomi

Cynomi is a leading strategic cybersecurity operations platform that automates cybersecurity knowledge and expertise to empower teams with little to no in-house expertise.

MedSec

MedSec

MedSec is the only company of its type focused solely on cybersecurity for hospitals and medical device manufacturers, offering both a cybersecurity software solution and consulting services.

ClearShark

ClearShark

Since 2001, ClearShark has been a go-to adviser in the U.S. Public Sector for creating customized and integrated solutions for the most secure of networks.

GoPro Consultants

GoPro Consultants

GoPro Consultants is an IT Consultancy and IT Managed services provider Globally with immeasurable expertise of IT professionals in Hardware/Support & Consultancy and Project Planning.

WireGuard

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs).

SektorCERT

SektorCERT

SektorCERT is the cybersecurity center for the critical infrastructure sectors in Denmark. We help detect and handle when critical infrastructure is exposed to cyber attacks.

TIM Enterprise

TIM Enterprise

TIM Enterprise offers innovative, sustainable and secure 360-degree digital solutions to companies and public administrations.

CyberMontana

CyberMontana

CyberMontana is a statewide initiative providing cybersecurity awareness, training, and workforce development for businesses and residents of Montana.