According to the Department for Science, Innovation and Technology (DSIT), half of UK businesses are suffering from a basic cyber security skills gap.

The Cyber security skills in the UK labour market 2023, revealed that security leaders of around 50% of organisations feel as though they lack the confidence to carry out even the most fundamental of tasks outlined by the NCSC’s Cyber Essentials programme, and are currently going without the necessary support from third parties.

Aside from this deficit in basic skills, a third of organisations also reported a more advanced skills gap – admitting to falling short when it came to security elements such as forensic breach analysis, storing or transferring personal data, or detecting and removing malware.

Businesses face a rapidly evolving threat landscape

The report reveals that even the security industry itself is feeling the bite of the skills divide, with almost half (49%) of cyber firms confirming that they too have faced the challenge of technical skills gaps among their existing staff or job applicants.

This problem is exasperated by the ever-changing landscape of cyber security threats, with cybercriminals taking advantage of overstretched security teams by targeting systems they know lack appropriate support.

In order to tackle the issue of strained resources, Kayla Underkoffler, Lead Security Technologist at HackerOne, suggests that organisations should consider automating their cyber security:

“For security leaders, AI-enabled tools can enhance how their security teams spot and prevent breaches. Adversarial security testing, like penetration testing and bug bounty programs, are two solutions essential to an effective cybersecurity strategy that would benefit from AI-powered automation, which could, for example, simplify analysing attack surface data and writing up disclosure reports.”

As Underkoffler points out,

“Senior leadership should endorse a comprehensive cybersecurity approach that combines technical innovation and human insight. This approach will allow organisations to leverage the strengths of both AI and human expertise to address security gaps across attack surfaces and cyber skills.”

Fostering existing skills and widening the talent pool

This report highlights the obvious deficit facing UK businesses when it comes to cyber security skills. However, these worrying statistics are actually relatively static compared to those from 2021 & 2020. This means that, while organisations are widely failing to improve their cybersecurity skills, they are at the very least avoiding regression. But this will not remain the case forever.

Agata Nowakowska is Area Vice President EMEA at Skillsoft, where she leads the field operations, including enterprise and small & mid-market, as well as channel sales/strategic alliances across Europe, Middle East and Africa.

As Agata Nowakowska, AVP EMEA at Skillsoft, outlines,

“Organisations need to act fast to prevent these deficits from undermining their future performance and market success.”

But, with the rapid changes to workplace tech, it can be difficult to know where to start and even harder to consistently re-equip employees with the skills they need to keep up with changing security needs. As Nowakowska continues:

“Employee time limitations, irrelevant content and difficulty knowing where to start can all prove roadblocks for organisations that need to continually update their cyber skills inventory. By leveraging dynamic skills assessments, organisations can connect people with the relevant skills learning at the right time. By delivering high-quality and personalised skills development, featuring tailored micro-learning opportunities that fit around an individual’s natural flow of work, organisations will be able to create future-fit workforces that are prepared for the cyber security risks of today and tomorrow.”

Pete Sorenson serves as the Vice President of Strategic Initiatives at ConnectWise–the world’s leading software company dedicated to the success of IT solution providers (TSPs) through unmatched software, services, community, and marketplace of integrations. Pete joined ConnectWise in early 2018 and prior to that, he held several leadership positions during his 10-year tenure at DuPont Pioneer.

Beyond upskilling existing employees, it is also vital that organisations consider how to get the most out of their recruitment strategies. Pete suggests looking beyond the traditional cybersecurity hiring pool.

“Women and minorities are underrepresented in the field. Mentorship programmes are a useful tool in making minority employees feel more comfortable.”

By tapping into this underutilised talent, organisations can not only diversify their workforce but gain the necessary expertise to tackle the cybersecurity skills gap.

While this report does present some worrying statistics about the UK’s current cybersecurity skill landscape, overall there is plenty that can be done to improve this situation. As Sorensen concludes,

“There is talent out there, which we can tap into, while also reducing the burden through automation and upskilling the workforce we already have. By making our existing teams as productive as possible, and reaching out to new hiring pools, we can bridge the IT skills gap and stay ahead of the cybersecurity game.”

Read more of our articles here.