How big is the UK’s cyber security skills gap?

How big is the UK's cyber security skills gap?It will hardly come as a surprise to many of our readers that the UK is suffering from a cyber security skills shortage. At a time when criminals are finding innovative new ways to attack our systems, businesses are struggling to attract and retain the right talent to strengthen their defences.


Large-scale attacks such as the WannaCry ransomware incident bring these issues into the limelight and often cause embarrassment for organisations that are struggling with legacy systems and a lack of investment.


But how big is the gap between demand for cyber security skills and the supply of suitable candidates? We’ve examined some of the most recent research to delve deeper into the topic and give you a better overview of the market.

Departments currently under-resourced

What better place to start than our own research? Earlier this year, we published our market report for the security and resilience recruitment market (our latest research will available soon, so watch this space).


We found that just 38 per cent of security and resilience teams in the UK feel they have adequate resources to meet the demands placed upon them. Nearly three-quarters of information security hiring managers said they were finding it difficult to recruit staff.


The firms we polled said cyber security was among the biggest drivers of recruitment within security and resilience departments. Fifteen per cent said it was the most important factor, with replacing exiting recruits (42 per cent) and regulatory demands (19 per cent) coming first and second, respectively.

The UK and the rest of the world

Our research highlights some of the problems that businesses face when searching for candidates, but how deep is the talent pool in the UK compared to other countries worldwide? Pretty shallow, according to figures from Indeed.


The organisation revealed that the UK has the second-biggest skills shortage across the globe – only Israel ranked higher.


Job seeker interest only meets 31.6 per cent of employer demand in Britain, and the gap is growing. The figure, which was taken from Indeed’s 2016 third quarter advertisement data, was five percentage points lower than across the same three-month period in 2014.


“The problem is fast approaching crisis point and British businesses will inevitably be put at risk if they can’t find the expertise they need to mitigate the threat,” said Mariano Mamertino, economist at Indeed.

Firms reluctant to recruit graduates

The UK may be at the more severe end of the skills shortage spectrum, but the Frost & Sullivan and (ISC)2 Global Information Security Workforce Study revealed that most countries aren’t far behind.


A worldwide skills gap of approximately 1.8 million professionals is predicted within just five years, and one of the key problems for UK workforces is that employers are hesitant to hire inexperienced candidates.


The study found that only 12 per cent of the country’s employees are aged under 35, the Independent reported, while more than half are aged over 45. Meanwhile, just six per cent of British businesses are hiring graduates to help them fill skills gaps within their firms.


Lucy Chaplin, a manager within KPMG’s financial services technology risk consulting group, said there is too much focus on existing experience.


“[It] is like complaining that there’s a shortage of pilots but refusing to hire anyone who is not already an experienced pilot,” she added.

Is more investment needed?

A reluctance to hire staff without previous experience is just one problem businesses are facing. Recent research from Ovum and FICO showed UK firms are also tightening their cyber security budgets.


According to the data, less than half of organisations polled believed their investment in cyber security would increase over the next 12 months. Only 49 per cent said they would be better at tackling threats in 2018 than they are this year.


These responses came despite the fact that 58 per cent of senior executives in the country said data breach attempts had increased over the last year. Furthermore, 53 per cent were confident attacks would rise again this year.


Telecoms firms were particularly pessimistic; a sizeable three-quarters of businesses expected to face more data breaches.


“We are in a technological arms race with the criminals, and standing still will give criminals the advantage,” said Steve Hadaway, FICO general manager for Europe, the Middle East and Africa.

Finding the right talent

Cyber security skills are clearly in short supply across the UK, which is why many businesses must offer competitive packages and an attractive work environment to appeal to today’s workforce.


Our research revealed that more employees are demanding flexible hours, home working and other perks to improve the work-life balance. These benefits are likely to become more common, particularly as a growing number of millennials enter the workforce.


If you’d like help finding the right candidates for your business, or you’re searching for your next cyber security opportunity in the UK or abroad, please get in touch with one of our consultants today.


You can also view our current vacancies by clicking here.


Our Market Reports combine our review of the prevailing conditions in the security & resilience recruitment market together with the results of our latest employer survey.


Image: bakhtiar_zein via iStockADNFCR-1684-ID-801838490-ADNFCR