svetazi - stock.adobe.com

Chartered status and aligned standards are crucial for the UK's cyber sector

As the UK moves closer to ushering in the world’s first chartered cyber professionals, the UK Cyber Security Council’s Simon Hepburn outlines the sector’s defining moment

The cyber security sector is awash with analysis, reports and studies exploring cyber threats and future predictions. But whether the findings are published by industry leaders or academia, they all agree on one key thing – the prevalence and severity of cyber attacks has increased exponentially.

This is a worrying trend that shows no sign of abating.

SonicWall’s 2022 Cyber threat report states that ransomware incidents on governments across the globe increased by 1,885% last year, with the healthcare industry alone suffering a 755% increase.

Against that backdrop, the UK government’s recent labour market report found that the country’s cyber sector is facing a chronic skills shortage.

The report found that half of all businesses have just a single employee responsible for cyber security, and despite ever-increasing demand for cyber skills, the industry has a yearly workforce gap of 14,100 people.

This threat is brought into sharp focus by the sheer volume of cyber attacks that the UK faces, and the shortage of skilled individuals to defend organisations from malicious intent.

Addressing the skills gap with a range of specialisms

For this reason, the UK Cyber Security Council believes the industry needs aligned professional standards and a chartered model if it is to address the threat facing the UK.

The threat of cyber attacks is set to stay and the sector must work collaboratively – doubling down on skills and demystifying what it means to work in cyber – if it is to shore up the gap, bolster the country’s cyber defences and protect against the tide of attacks.

As well as addressing the skills gap, the sector also needs to diversify further to make sure that a career in cyber is viewed as a viable option for people from a wide range of backgrounds. This is a key focus for the Council as we look to create a large talent pool of ambitious practitioners enthused by the idea of a career in cyber.

Because it is such a new profession, there is not always a holistic understanding of the varied roles and disciplines available among those working in the industry, let alone for those entering it. Ultimately, the Council’s aim is to map the sector out – a cyber industry cartographer, if you will – building a greater understanding of the breadth and depth of current and required skills from across the industry.

Currently, several cyber security qualifications, accreditations and degree standards exist, without any uniform equivalency. That is why we are introducing a universally recognised chartered professional standard for the industry – a move that will bring the sector in line with others, such as accountancy and civil engineering.

The first two specialisms kickstarting the six-month pilot – Cyber Security Governance and Risk Management and Secure System Architecture and Design – launched in October.

The subsequent professional titles awarded by the Council will present those working in the industry with an independent seal of approval – a key differentiator between candidates with similar qualifications, experiences and backgrounds.

A framework for success in cyber

If we are to achieve that ambition, the country will need a framework of aligned professional standards across the industry’s disciplines. It will need to better define an individual’s prerequisite knowledge, demonstrate how they adhere to industry best practice and uphold the highest ethical standards.

The professional titles available – Associate, Principal or Chartered – will correspond with the individual’s depth of experience and skill and will help businesses navigate the level of expertise they need for their cyber requirements.

Establishing a chartered model – including this new set of professional titles – will bring the sector into line with more orthodox, well-established disciplines, cutting through any misconceptions about the skills required to thrive in cyber.

It is essential for businesses, practitioners, and those looking to enter the industry that we have an in-depth understanding of the skills, professionalism and qualifications needed in the sector. Once established, it will help broaden the talent pool, as more people will start to enter the industry from other roles and industries with complementary skills and backgrounds.

Creating a clearer competency-based standard will be a first step in that direction. It will also help employers understand the skills associated with each level, enabling them to recruit more effectively for the needs of their business.

The future starts now

The UK Cyber Security Council is set to usher in the country’s first-ever chartered cyber professionals this year, as the Council sets its sights on further developing ethical standards, accountability and professional registration.

This will be a defining moment for the sector and a huge step towards the government’s goal to make the UK the safest place in the world to live and work online. Breaking down barriers to entry for the industry and diversifying across ethnicity, gender and neurodiversity will help to address the cyber skills gap and strengthen the industry as a whole.

Establishing aligned standards and professionalism in the sector will be key to bolstering the UK’s cyber defences, demonstrating a clear and exciting trajectory for cyber professionals, armed with skills that are fundamental for successful business.

Simon Hepburn is CEO of the UK Cyber Security Council and visiting professor at Aston University’s College of Business and Social Sciences. He is a charity and education executive with over 20 years’ experience with a variety of national and international organisations.

Read more on Security policy and user awareness