Security skills gap will take a decade to fill

The British education systems cannot move fast enough to address the security skills crisis, and in the absence of government action increased reliance on automation may be the least worst solution

It will take the best part of a decade to identify and train appropriate talent to address the cyber security threats that organisations face today, according to digital resilience and risk modelling specialist RedSeal.

Almost 18 months on from the release of a damning parliamentary security strategy report that called for the government to urgently address the skills crisis in cyber security, RedSeal said the government had failed to make training opportunities a priority, and that a deepening talent gap had the potential to cause “irreparable damage” to British businesses.

“Across the industry, we have drained the talent pool for security professionals,” said the firm’s chief technology officer, Mike Lloyd. “The UK’s education system can help, but not quickly – professionals agree that it takes about 10 years of real-world experience to develop the skills needed to combat today’s threats, so we’re facing a sustained drought for talent.

“Automation can help, but cannot replace human intuition and insight. We have to build hybrid teams, combining computers for all the drudge work so that the few human analysts can focus on the security tasks that matter.”

RedSeal enlisted Atomik Research to undertake fieldwork in June 2019. It questioned more than 500 CIOs and senior IT professionals from across the UK, unearthing major concerns that the skills shortage was reaching crisis point.

Over 75% of respondents said they struggled to find cyber security professionals with the necessary expertise to combat organised online crime. Three-quarters said their ability to recruit skilled professionals from outside the UK was being hindered by Brexit, and 95% believed that if the UK does leave the EU, the skills gap will widen.

Among the study’s other findings, 81% of respondents said they had suffered some kind of cyber security breach within the past 12 months, but 40% said their business did not have a plan in place to respond to an incident, largely due to an inability to plan effectively.

“Further and higher education in cyber security needs continuing support to keep pace with the ever-changing threat landscape that UK business is facing right now. There is a shortage of professionals with cyber security skills in the UK, which means engaging young people and mid-career changers in developing skills and knowledge through high-level technical and computing education is more important than ever before,” said Peter Komisarczuk, head of the information security department at Royal Holloway University of London.

“There are significant career opportunities in cyber security – the average annual salary for jobs in cyber security is £72,500 and we are seeing our graduates getting significantly more than the average graduate salary of £23,000 on leaving with their degree. Moreover, the potential to contribute to economic growth is huge, as well as support UK business against a very real cyber threat.

“There are some great schemes encouraging younger people to pursue a career in information security, such as CyberFirst which provides excellent opportunities for 11-17-year-olds to develop skills and knowledge, as well as a bursary scheme for undergraduate students,” said Komisarczuk.
