Cyber-security skills gap could take 20 years to bridge

The cyber-security industry could boost the UK economy - if there are enough people with the right skills to make it happen, says the Institution of Engineering and Technology (IET).

The demand for cyber-skills is forecast to grow 13 percent each year until 2017; and a study for the Department of Business, Innovation and Skills last year reported a shortage of those with the cyber-skills needed by the industry. However, the gap in the industry isn't getting much smaller as the National Audit Office stated that the gap could take 20 years to fill.

The main challenges the cyber-security industry faces are a lack of skills, the ability of companies to implement new technology, and investment. The IET report indicated that the next generation of engineers will require cyber-security skills, as network-controlled devices are increasingly used. Because of this, emphasis should be put on securing physical systems interfacing with digital networks.

The report says that devices which communicate each other will make up most of the Internet of Things (IoT), merging wireless and micro-electric mechanical systems. This will be central to the design of most smart devices, even smart medical devices which could improve healthcare.

Tim Watson, director of the Cyber Security Centre at the University of Warwick said: “We will need engineers, including people with expertise in areas such as materials science and electromagnetism.”

He added that the supply is linked to demand for skilled people and is also linked to knowledge of the threats and means of prevention.

Chris Sullivan, VP of advanced solutions at Courion, said “to put the scale of this problem in perspective, try feeling that one pound coin in your pocket. You would need a stack of them 2,000 miles high to cover annual cyber-security losses.

“[…] You should and you must train people to help cope, but it is also important to leverage intelligent tools to automate security and assurance tasks to improve speed, accuracy and efficiency, remember, it's a big and complex problem) A fundamental step in this direction is to continuously mine for and eradicate excessive access. Excessive access comes in many forms like privileged, orphaned and abandoned accounts that are consistently leveraged by our adversaries. Managing these down will reduce your complexity and your threat surface and ease administrative overhead.”