lolloj - Fotolia
UK education system failing to support cyber security profession
Countries and companies must act quickly to address the cyber security skills shortage through improvements in education, workforce diversity, training opportunities, security technology and data collection, a report says
The UK’s IT industry is the least satisfied among its international peers that the country’s education system is supporting the cyber security profession, a report has revealed.
Only 14% of UK IT decision-makers believe the nation’s education system fully prepares professionals for the cyber security industry, according to the Intel Security Hacking the Talent Shortage report.
The study, launched in partnership with the Center for Strategic and International Studies (CSIS), said this is underlined by the fact that 75% of UK IT experts say there is a cyber security talent shortage.
As a direct result, 32% of enterprises claim they are unable to maintain an adequate staff of cyber security professionals, and 22% believe they are targeted by attackers because they know the company’s cyber security is not strong enough.
In 2015, 209,000 cyber security jobs went unfilled in the US alone, and despite a quarter of respondents confirming that their organisations have lost proprietary data because of their cyber security skills gap, there are no signs of this workforce shortage abating in the near term.
Respondents estimate that an average of 15% of cyber security posts in their company will go unfilled by 2020.
With the increase in cloud, mobile computing and the internet of things (IoT), as well as advanced targeted cyber attacks and cyber terrorism across the globe, the need for a stronger cyber security workforce is critical, the report said.
Shortage of skills
The shortage of skills is responsible for significant direct and measurable damage due to the inability to defend against cyber attack, according to 71% of the IT professionals polled.
“A shortage of people with cyber security skills results in direct damage to companies, including the loss of proprietary data and IP,” said James Lewis, senior vice-president and director of the strategic technologies program at CSIS.
“This is a global problem; a majority of respondents in all countries surveyed could link their workforce shortage to damage to their organisation.”
The report analyses cyber security spending, education and training, employer dynamics and government policies around the world in relation to the global cyber security skills shortage, reported by 82% of IT professionals globally.
Read more about the cyber skills shortage
- Analyst forecasts of a 1.5 million shortfall of information security professionals by 2020 come amid reports of rising salaries, an ageing workforce and the inability to fill existing positions.
- Harnessing existing expertise could address the demand for competence in countering cyber security threats.
- IT has an ongoing problematic shortage of enterprise cyber security skills.
The report said countries and industry sectors that spend more on cyber security are better placed to deal with the skills shortage. Only 23% of respondents said education programmes are preparing students to enter the industry, and although salary is the top motivating factor in recruitment, other incentives are important in attracting and retaining top talent, the report said, such as training, growth opportunities and the reputation of the employer’s IT department.
Almost half of respondents cite lack of training or qualification sponsorship as common reasons for talent departure.
The cyber security skills shortage is worse than talent deficits in other IT professions, the report revealed, with highly technical skills lacking the most.
More than three-quarters of the IT professionals polled said governments are not investing enough in building cyber security talent pools.
Hands-on training
Hands-on training and practical training are perceived as better ways to develop skills than traditional education resources, the report said.
“The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector have not brought enough urgency to solving the cyber security talent shortage,” said Chris Young, senior vice-president and general manager of the Intel Security Group.
“To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and deliver deeper automation so talent is put to its best use on the front line. Finally, we absolutely must diversify our ranks.”
The demand for cyber security professionals is outpacing the supply of qualified workers, the report said, with highly technical skills such as intrusion detection, secure software development and attack mitigation more valued than softer skills, such as collaboration, leadership and communication.
The report recommends addressing the cyber security skills shortage by:
- Redefining minimum credentials for entry-level cyber security jobs and accepting non-traditional sources of education, such as hackathons.
- Providing more opportunities for external training.
- Identifying technology that can provide intelligent security automation.
- Collecting attack data and developing better metrics to identify threats quickly.
A secure cyber security environment requires a robust workforce, the report said, yet currently there are not enough cyber security professionals to defend computer networks adequately.
“Countries and companies have to act quickly to fix this problem by facilitating the entry of more people into this profession through improvements in education, workforce diversity, training opportunities, security technology and data collection,” the report concluded. “These concurrent efforts are vital to defeating cyber security threats and creating a more secure network environment.”