The UK has a serious shortage of skilled cybersecurity professionals, and the gap between supply and demand is only getting wider by the day. According to a recent study, Britain has the second largest cybersecurity skills shortage in the world, with only Israel having a poorer shortage of such professionals. The demand for cybersecurity experts is rising at an unprecedented rate, yet the number of people applying for these roles in the UK is worryingly low.
According to the latest Global information security workforce study, the number of cybersecurity jobs in the UK is increasing at nearly 20 per cent every year, yet it has been predicted that there will be a global shortfall of 1.8 million cyber professionals by 2022. This problem is beyond crisis point, and UK businesses put themselves at serious risk if they continue to do nothing to tackle this issue.
Over two-thirds of UK companies admit they do not have enough security personnel in their staff to combat the rise in cybercrime. Nearly half of businesses say that because there are not enough cybersecurity professionals, there has been a significant increase in data breaches. However, the majority of businesses are doing little to nothing to combat the crisis and intake into the industry remains stagnant.
The reasons behind the disparaging lack of talent entering the cybersecurity profession are varied. They range from a reluctance to hire millennials to a failure to bring more women into the industry, and the irresponsibly weighted value attributed to experience compared with willingness to learn and the right characteristics for roles.
The answer to tackling the UK’s cybersecurity skills gap fundamentally lies in encouraging more people to enter the industry. Yet, this requires breaking down the multi-layered barriers of entry that exist.
One of the most obvious ways to close the cybersecurity skills gap is to target and recruit greater numbers of millennials. However, at present, only 12 per cent of the cybersecurity workforce in Britain is under 35. A survey of UK businesses also found that only 6 per cent include hiring university graduates as a part of their cybersecurity recruitment plans – this shows there is a serious reluctance to hire millennials among business leaders.
Almost all companies would rather employ an infosec professional who has extensive previous experience in cybersecurity. Not only is this incredibly short-sighted, as the types and scales of cyberattacks we see today were not around even three to five years ago, it also excludes almost everyone who wants to enter the industry from a non-cybersecurity background from doing so. The reluctance to hire millennials is causing serious harm for businesses both now and in the coming years.
Practical way of learning
According to the Center for Cybersecurity Safety and Education, the representation of women in cybersecurity remains at a poor 11 per cent. This is the same percentage as in 2015, showing there has been no progress made over the past two years, despite the best intentions of organisations, governments, and agencies. With women representing roughly 50 per cent of the world’s population, the logical conclusion to filling the empty but much-needed cybersecurity roles in the UK is surely to tap into this talent pool.
Yet the same barriers to entry that exist for millennials are also there for women. Added to this is the subconscious bias held against women who may have undertaken higher education in the likes of humanities subjects rather than the sciences – historically cybersecurity experts only ever studied technical subjects like mathematics or computer science. This ties in to the industry-wide belief that only experience directly related to cybersecurity is applicable when applying to jobs in the sector – a complete misconception as it rules out huge swathes of potential candidates who would do very well in the roles.
To tackle the ever-growing skills shortage in cybersecurity, we need to look at how to raise awareness of the benefits to being part of the industry and break down the barriers to entry. The best and most practical way to do this is to increase the number of cybersecurity apprenticeships on offer to graduates and those looking to enter the industry from a different career. There needs to be a real emphasis on recruiting, training and retaining of UK talent in-house.
Apprenticeships are a truly practical way of learning. They offer the chance to enter an industry at a junior level, usually without requiring any higher education, to focus on training in a specific career and learn the trade by doing the job on a daily basis, while also being paid. Gaining hands-on experience and crucial qualifications is invaluable, especially when it comes to the complex and ever-changing world of cybersecurity. Those who become apprentices also have the advantage of being able to apply the skills they learn immediately, instead of having to wait three or more years to put the theory they learned at university into practice.
As we know, UK businesses are reluctant to hire those without direct experience in the cybersecurity. Increasing the number of cybersecurity apprenticeships will automatically increase the number of people with eligible experience in the sector – significantly helping to close the skills gap. Further, it will remove one of the main barriers of entry for those who are looking to enter from outside the industry – how to enter.
We are in a perfect storm as the ageing UK cyber-workforce looks set to retire and the long-term failure to recruit millennials and women in the sector becomes blatant. The ability to earn while learning a skill on the job is incredibly attractive, especially for those in the younger generations who are keen to get the best start to their careers and lives.
Ultimately, the UK cybersecurity industry should be doing more to promote apprenticeships if they want to ensure the top talent in the UK doesn’t look elsewhere. As it stands, the future of cybersecurity looks bleak if more is not done to harness the untapped pool of talent. Apprenticeships are an essential element of how we will close the cybersecurity skills gap – but companies need to take action now if they want to ensure the security of their businesses in the long run.
Isaac Daniel, Founder and CEO of Macate Group Limited and IDG
Image source: Shutterstock/Duncan Andison