With a lack of cyber security professionals in the market, does the UK have a chance in the fight against cybercrime?
With the increasing amount of technology being adopted into our lives, a rising threat runs parallel, with cyber criminals relentlessly deploying new tactics to hack online systems, steal data and generally exploit individuals, businesses and government institutions. According to a report by ESG and the Information Systems Security Information (ISSA), there were a total of 254 publicly disclosed data breaches last year exposing almost 160 million records of personally identifiable information.
But it’s not just the number of attacks which is worrying; it’s also how widespread the targets of cyber criminals are. Over the past 18 months, there have been several high profile security breaches affecting companies from a range of industries including banking (Tesco Bank), accounting (Sage) and telecommunications (TalkTalk). With a lack of cyber security professionals in the market, does the UK have a chance in the fight against cybercrime?
The state of security skills in the UK
There is a serious digital skills deficit in the UK and it is likely to get bigger before it gets better. According to a report by the Science and Technology Committee, employers will need a further 745,000 workers with digital skills by 2017.
There are several reasons for the existence of the digital skills gap. The main reason is the fast pace of change within technology. The digital revolution only really began 30 years ago and as such, it has taken time for its influence to filter into the Government’s agenda. A number of jobs today such as IT Security Analysts, Information Security Managers and Cyber Architects, didn’t exist 10 years ago and therefore there is a limit to how many people have learnt security skills within that time.
Amongst other side effects, a major consequence of the digital skills deficit is a loss of income for the UK economy of £63bn per year (Science and Technology Committee Report 2016). A shortage of security skills specifically, has its own set of risks. Without the right skills and measures in place to combat cyber security threats, the UK leaves itself exposed. This has a knock on effect on our global competitiveness as weak defences could deter other countries from trading with us. A substandard defence strategy also creates fear amongst businesses and the public which is never a good sign for the economy.
From a business perspective, the consequences of not having a solid security strategy are similar to those for the country as a whole – more exposure to cybercrime, which makes you less competitive and will likely cause reputational damage should you be targeted. On top of these negative impacts, businesses who do not comply with the GDPR regulations (General Data Protection Regulation) run the risk of huge fines.
So how can the UK source the security skills it needs?
Capitalise on core digital skills
Whilst security is a niche IT sector, roles within this discipline are diverse. Employers struggling to source the security professionals they need should therefore consider hiring IT professionals from different backgrounds like development and network/system/exchange administration. At the heart of all security experts is the ability to problem solve, so those with experience within 2nd and 3rd line support are likely to have transferable skills which could prove vital in addressing the security skills gap.
As well as an open-minded approach to recruitment, training is also an important factor in ensuring the UK has the security skills it needs. The aforementioned report by ESG and ISSA found that 56 per cent of security professionals believe their employer doesn’t deliver the right levels of training to keep up with new risks, threats and security products. This demonstrates the importance of maximising existing talent through up skilling.
Offer an engaging education
Being able to establish a talent pool of security experts for the future is dependent on offering educational opportunities which are relevant and engaging for young people. Apprenticeships are one answer to this problem, giving young people the chance to earn a wage whilst learning fundamental skills at the same time. With the launch of the Government’s apprenticeship levy, more opportunities to learn relevant security skills should become available. Businesses and educational institutions will need to work together to ensure successful take up rates.
Within education, schools and colleges may also need to help improve perceptions of IT jobs by offering an alternative view of IT professionals to the ‘geek’ stereotype that young people often imagine. Security experts are crucial in fighting serious cybercrime so perhaps more needs to be done to highlight the heroic nature of the job.
Continued Government investment
It has to be said that the UK government has been making great strides towards addressing the skills gap and putting security on the agenda. Most recently the government has announced a £1.9bn investment into cyber security as part of its cyber security strategy. One major part of this strategy saw the opening of the National Cyber Security Centre in October, which unites all of the UK’s cyber operations within one organisation. This coordinated approach will enable the UK to reduce risk and respond more effectively to cyber incidents. If the UK is to build on and future proof its security capabilities, security must remain high up on the government agenda.
Realistically, with the introduction of GDPR, the continual emergence of new technologies and associated threats, and the insatiable nature of cyber criminals, the demand for security experts is likely to drive a bigger skills gap before the situation starts to improve. By increasing our cyber defences, we can create renewed confidence in the UK, which will secure investment in uncertain economic times.
To win the war on cyber security, the UK must continue to invest in our defences and recognise the opportunities for securing talent for the future.