Half of UK businesses reported cyber-skills gaps last year, with diversity still woefully lacking in most organizations, according to the latest government figures.
The DCMS-sponsored Cybersecurity skills in the UK labour market 2021 report was compiled from representative surveys of security sector and wider organizations, as well as analysis of job postings and research with recruitment agencies.
It revealed that around 680,000 businesses in the country have staff in charge of cybersecurity that lack the confidence to carry out basic tasks laid out in the government’s best practice Cyber Essentials framework. This includes storing or transferring personal data, setting up configured firewalls and detecting and removing malware.
A third (33%) reported more advanced skills gaps such as in penetration testing, forensic analysis and security architecture, while a similar number (32%) have gaps in incident response and are not outsourcing the function.
Even within the cybersecurity sector there were problems, with nearly half (47%) saying they’d experienced challenges with current staff or job applicants not having the required technical skills. Over a third (37%) said vacancies since the beginning of 2019 have been hard to fill.
However, despite these concerning statistics, the report pointed out that things are slowly improving in some areas. Businesses are less likely to report basic skills gaps than in 2018, senior managers are described as more likely to understand cyber-risk and fewer security sector firms reported skills gaps.
The improvements do not extend to diversity, however, with just 17% of the workforce from ethnic minority backgrounds, falling to just 3% of those in senior cybersecurity roles. In addition, only 16% are female, versus 28% across all digital sectors, falling to 3% in senior roles, according to the report.
Amanda Finch, CEO of the Chartered Institute of Information Security (CIISec), argued that recruitment is in need of an overhaul, with communication between recruiters and employers currently poor.
“The fact is, challenges in recruitment come from all sides — from organizations being unclear or over demanding and recruiters not understanding the roles, to a lack of confidence or skills from applicants. Rather than pointing the finger, we need a collaborative approach to addressing these issues,” she said.
“One example is unrealistic and intimidating job descriptions which over-exaggerate the skills and experience needed for a role. Considering that women only apply for roles they are 100% qualified for, whilst men will apply if they meet 60% of the qualifications, this approach may be alienating women and other minority groups. Communicating the fundamentals of a position — who the organization wants to hire, what skillset is actually needed, what training applicants can receive — is crucial, as is providing accurate job descriptions.”
The DCMS-sponsored Cybersecurity skills in the UK labour market 2021 report was compiled from representative surveys of security sector and wider organizations, as well as analysis of job postings and research with recruitment agencies.
It revealed that around 680,000 businesses in the country have staff in charge of cybersecurity that lack the confidence to carry out basic tasks laid out in the government’s best practice Cyber Essentials framework. This includes storing or transferring personal data, setting up configured firewalls and detecting and removing malware.
A third (33%) reported more advanced skills gaps such as in penetration testing, forensic analysis and security architecture, while a similar number (32%) have gaps in incident response and are not outsourcing the function.
Even within the cybersecurity sector there were problems, with nearly half (47%) saying they’d experienced challenges with current staff or job applicants not having the required technical skills. Over a third (37%) said vacancies since the beginning of 2019 have been hard to fill.
However, despite these concerning statistics, the report pointed out that things are slowly improving in some areas. Businesses are less likely to report basic skills gaps than in 2018, senior managers are described as more likely to understand cyber-risk and fewer security sector firms reported skills gaps.
The improvements do not extend to diversity, however, with just 17% of the workforce from ethnic minority backgrounds, falling to just 3% of those in senior cybersecurity roles. In addition, only 16% are female, versus 28% across all digital sectors, falling to 3% in senior roles, according to the report.
Amanda Finch, CEO of the Chartered Institute of Information Security (CIISec), argued that recruitment is in need of an overhaul, with communication between recruiters and employers currently poor.
“The fact is, challenges in recruitment come from all sides — from organizations being unclear or over demanding and recruiters not understanding the roles, to a lack of confidence or skills from applicants. Rather than pointing the finger, we need a collaborative approach to addressing these issues,” she said.
“One example is unrealistic and intimidating job descriptions which over-exaggerate the skills and experience needed for a role. Considering that women only apply for roles they are 100% qualified for, whilst men will apply if they meet 60% of the qualifications, this approach may be alienating women and other minority groups. Communicating the fundamentals of a position — who the organization wants to hire, what skillset is actually needed, what training applicants can receive — is crucial, as is providing accurate job descriptions.”