Government continues probe of UK cyber security labour market

The government is to undertake a second survey of UK businesses, public sector organisations and charities to find out how they approach employing and training cyber security professionals.

The research will look at the issues organisations face in finding the cyber security skills they need and will be used to inform government policy.

The surveys by Ipsos Mori have been commissioned as part of the government’s National Cyber Security Strategy 2016 to 2021.

The first survey report, published in December 2018, estimated that 710,000 UK companies have a basic technical cyber securty skills gap, and 407,000 have a high-level technical cyber security skills gap.

The first survey found that organisations outside London have more pronounced skills gaps, and that overall, incident response is an area that many organisations underestimate or do not understand to be important. Some 47% of organisations polled said they were not confident in dealing with a cyber security breach or attack.

The most notable skills gaps were around forensic analysis, penetration testing, security architecture, using threat intelligence, carrying out a cyber risk assessment, preparing cyber security training, and developing cyber security policies.

The second survey is due to take place from August to October 2019 involving senior representatives of businesses, public sector organisations and charities selected at random from public databases.

Rahul Powar, CEO and co-founder of London-baseed cyber security firm Red Sift, said: “The research revealed that more than half of businesses had a basic technical cyber security knowledge gap, and we are not expecting the second phase of research to unearth anything different.

“As an employer of developers and trained cyber security professionals, I can attest to the competitive nature of this labour market and have seen how valuable these subject matter experts are to an organisation, often leading to employees repeatedly leaving one role for another.

“We are one of a handful of companies developing cyber security solutions that look at addressing this resourcing gap through technology, alongside training. This way, instead of an organisation losing skills and knowledge each time the labour market shifts, they have a toolkit that helps them embed this intelligence within the firm, thereby reducing the risk of insight leaving with the employee.”

The government’s first survey report concluded that organisations are trying to address skills gaps through a mix of recruitment, training and outsourcing, but face barriers in each of these areas.

“This suggests that there is more to be done to help fill the cyber security skills gap," the report said, recommending the government to:

• Adopt a definition of cyber security skills to help organisations understand their skills needs better, and individuals understand their job roles better.
• Outline standard career pathways and relevant qualifications to help further professionalise the industry.
• Promote existing government guidance on cyber security and develop new government and industry-supplied guidance to encourage more organisations to understand and address their skills gaps better.
• Focus on potential future skills needs as well as current skills needs.