igor - Fotolia
Failure to develop cyber security skills is exposing organisations to cyber attacks and exacerbating the skills gap, according to research into the levels of expertise in cloud security and data protection.
More than half (51%) of 500 IT professionals and IT decision-makers at UK organisations believe they need to grow these skills in the next five years, according to a study by Rackspace and researchers at the London School of Economics (LSE) with sponsorship from Intel.
The report, which is based on surveys by Vanson Bourne and LSE research, shows that the UK is now further behind than other western nations when it comes to upskilling IT professionals in skills such as security.
UK IT leaders said they will ringfence just 10%, on average, of their annual budget for training new hires – less than their counterparts in Benelux (15%), Germany (14%) and the US (14%).
The study shows that just 26% of IT professionals polled in the UK believe they are adequately experienced in cloud security.
The findings raise concerns that not only are UK organisations exposing themselves to attacks by cyber criminals, but also risk fines under the EU’s General Data Protection Regulation (GDPR) and planned new GDPR-aligned UK data protection legislation.
According to the study, the shortage of adequately trained cyber security professionals is worrying in view of the fact that UK companies are more reliant on the cloud than ever before.
It is estimated that 88% of businesses now use the cloud in some form. Despite this, Rackspace’s research suggests that only one-third (32%) of British IT professionals want or expect to be supported with training to upskill their cloud security knowledge.
The lack of equal levels of investment in training new hires in skills such as cyber security, compared to other nation states, is expected to contribute to a shortage of professionals to meet demand in the next five years.
There could be up to 1.8 million information security-related roles unfilled worldwide by 2022, according to the latest Global information security workforce study from (ISC)2, while in Europe, the shortfall is projected to be about 350,000, with the UK’s share of unfilled cyber security jobs expected to be around 100,000.
Read more about the cyber security skills shortage
- Demand for cyber security skills outstrips internal supply, research finds.
- Cyber security skills a priority for UK government.
- An anti-millennial recruitment stance will widen cyber security skills gap, experts warn.
- Companies struggling to fill infosec roles should focus on finding people who can do what they need, not qualifications, according to a security industry panel.
At the same time, new analysis of the IT job market reveals that the number of vacancies citing cyber security (24%) and data security (47%) have risen in the past year, according to ITJobsWatch, highlighting the fact that organisations are reacting to increasing regulations and threats.
This lack of skills has had a positive impact on the salaries of those who do possess the expertise, the study shows, with 35% of UK respondents saying professionals with cloud security skills are those that their organisation is willing to or currently pays the most for, leading to the emergence of an employee market, rather than an employer market.
Commenting on the findings, Lee James, CTO for Europe at Rackspace, said: “Cyber attacks or data breaches have become everyday news in the UK and businesses are under pressure to improve their own defences and build stronger security teams as a result.
“Yet the reality is that years of neglect in recruiting cyber security professionals and developing their skills has created a hole for organisations to fill. These statistics show that companies are likely to face consequences from both cyber gangs and regulators, who will punish those not taking the right steps.”
With attacks becoming increasingly sophisticated, and regulations raising the stakes when it comes to the consequences of data breaches, James said businesses cannot afford to be complacent about gaps in their security expertise.
“We now live in an age when cyber attacks are an inevitability, rather than a risk, and organisations need to both upskill their workforce and work with trusted partners with the right security knowhow – or risk financial and reputational damage after the GDPR compliance deadline,” he said.