A recent study conducted by researchers on behalf of the UK Department for Science, Innovation and Technology (DIST) has revealed significant skill gaps within the cyber security industry. The study, which examined the skills of cyber security professionals in various businesses, found that approximately 50% of businesses, totaling around 739,000, have a basic skills gap. This means that the individuals responsible for cyber security in these businesses lack the confidence and ability to carry out basic tasks outlined in the government-endorsed Cyber Essentials scheme. Additionally, these businesses are not receiving support from external cyber security providers.
The report highlights that the most common skills gaps are in areas such as setting up configured firewalls, storing or transferring personal data, and detecting and removing malware. Furthermore, the study reveals that 33% of businesses have more advanced skill gaps in forensic analysis, security architecture, and interpreting malicious code. While the figures for basic and advanced skills gaps have remained unchanged, the proportion of businesses lacking confidence in their abilities to carry out tasks has steadily increased since 2020.
One alarming statistic revealed by the study is that 22% of businesses report that applicants lack the required skills to fulfill the job they’re applying for, and 49% report that their existing staff or applicants are underqualified. This suggests that there is a significant mismatch between the skills possessed by potential employees and the skills required for cyber security roles.
In terms of recruitment, the report finds that job listings for cyber security roles have increased at a rate of 5,921 jobs per month in 2022, totaling 71,054 jobs for the year. This represents a 33% increase compared to 2021 levels. However, despite the growing demand for cyber security professionals, there is still a shortfall of approximately 11,000 positions filled in 2022.
On a positive note, the study reveals that the number of students choosing a cybersecurity degree program has risen by 29% in a year, from 14,910 to 19,200. This suggests that the shortfall in cyber security positions may lessen in the coming years as more students enter the workforce with relevant qualifications.
Employers continue to value individuals with strong technical skills, and the study suggests that there is an equal shortage of skills in both specialist and generalist roles. However, employers find it challenging to find candidates with a combination of technical and complementary skills, often describing them as “unicorns.”
In light of these findings, some experts argue that it may be time to change hiring strategies within the cyber security industry. Rick Howard, N2K CSO and Senior Fellow at the CyberWire’s parent company, suggests adopting a style of recruiting similar to the concept of “Moneyball” in baseball. This approach involves seeking out individuals who can get the job done at the lowest possible cost, rather than solely focusing on certifications and degrees. By considering candidates with a high degree of speciality, employers may be missing out on lower costing cybersecurity professionals who can still contribute effectively to a team.
Instead, employers could shift towards an aptitude-based approach that emphasizes training and developing the skills of their existing team members. This approach would allow businesses to maximize the potential of their workforce and bridge the skills gap within the cyber security industry.
In conclusion, the study conducted on behalf of the UK Department for Science, Innovation, and Technology has highlighted the significant skill gaps present within the cyber security industry. The report emphasizes the need for businesses to address these gaps by providing support and training for their cyber security professionals. Additionally, the study suggests that changes in hiring strategies, such as adopting an aptitude-based approach, may be necessary to bridge the skills gap effectively. With the growing demand for cyber security professionals, it is crucial for businesses and the industry as a whole to address these issues and ensure a skilled and capable workforce.