Security skills gap major issue

A Department for Science, Innovation and Technology (DSIT) report has found that the cybersecurity skills gap is going to be around for a while.

The report said that the issue is posing significant challenges to businesses and organisations across the nation. Despite an increase in demand for cybersecurity professionals, the lack of skilled individuals continues to be a persistent issue.

The report highlights that a substantial number of UK businesses are grappling with technical skills gaps, incident response skills gaps, and governance skills gaps in their cybersecurity workforce.

Half of businesses suffer from basic skills gaps, where cyber professionals lack confidence in performing fundamental tasks outlined in the government-endorsed Cyber Essentials scheme. The lack of support from external cybersecurity providers further exacerbates the situation.

More than a third of businesses face more advanced skills gaps, particularly in areas such as forensic analysis of breaches, security architecture, interpreting malicious code, and penetration testing. A concerning 41 per cent of businesses experience internal skills gaps in incident response and recovery, indicating a lack of cyber resources within their organisations.

The figures for basic and advanced technical skills gaps have remained relatively unchanged over the past five years. However, the proportion of businesses struggling with incident management skills is on the rise, increasing from 27 per cent in 2020 to 41 per cent in the current year.

A recurring issue identified in the research is the struggle some cybersecurity leads face in engaging senior leadership with cybersecurity matters. While some senior leaders acknowledge the importance of cybersecurity, it is not always prioritised adequately.

The report further delves into the challenges faced by the cyber sector itself. Nearly half of cyber firms have encountered technical cybersecurity skills gaps, either among their existing staff or among job applicants.

Additionally, 22 per cent of cyber sector employers report having employees who lack essential technical skills, while 44 per cent state that job applicants they have seen are also lacking necessary technical competencies. The most common areas cited for technical skills gaps are security testing, cyber security governance and risk management, and secure system architecture and design.

Despite the skills gaps, the demand for cybersecurity professionals continues to rise. In 2022, there were 160,035 job postings related to cybersecurity, with an average of 5,921 core cyber roles posted each month. While the demand showed signs of a slight slowdown in the second half of 2022, it remains historically high.

However, the employment rate in the cyber workforce has increased by 10 per cent in the last year, indicating a need for 13,500 new professionals annually to meet demand. The report suggests that the total requirement to fill the workforce gap is approximately 18,200 individuals per year. Although this is lower than previous estimates, the persistent gap remains an annual challenge for the sector.