Mixed reaction from information security industry on 2014 Budget

The UK's Chancellor of the Exchequer George Osbourne introduced the 2014 Budget yesterday, but those in the infosec industry believe that it didn't do enough to close the cyber security skills gap.

Mixed reaction from information security industry on 2014 Budget
Mixed reaction from information security industry on 2014 Budget

Yesterday's Budget from the Chancellor of the Exchequer may have been welcome news to older savers and anyone planning for their pension, but some segments of the IT security industry expressed disappointment that the UK government has not truly raised the bar when it comes to encouraging or training people to enter the IT security profession. 

The CBI - the former Confederation of British Industry – was positive and welcomed news of a boost to apprenticeships, noting that apprenticeships are a crucial tool in fighting skills shortages and youth unemployment. 

"This additional support is very welcome - especially for smaller firms wanting to do more. We still need to better demonstrate the benefits of apprenticeships to young people, however," it said in its analysis. 

Gary Turner, managing director of Xero, the specialist SMB tech provider, said that the increase in Research and Development (R&D) tax relief is good for any SMEs engaged in technology innovation – including technology start-ups. From April 1, he said that the rate of  tax credit payable for loss-making R&D at small SMEs will be increased from 11 to 14.5 per cent - a measure designed to incentivise small companies and start-ups to invest in R&D. 

"In particular, the policy targets companies for whom risks and market failures are most pronounced, a measure which is consistent with the government's wider objective to support small innovative companies with high growth potential," he said, adding that, whilst it is encouraging news that the economy is growing well, there is still a clear opportunity to cement the UK's leadership in technology innovation in Europe. 

This opportunity, he said, is increased when you consider the Chancellor's statement that the UK economy is growing faster than that of Germany, Japan and the US. 

Against this backdrop, he added, the government's policy goes some way to support that ambition. 

Amanda Finch, general manager of the IISP - the Institute of Information Security Professionals - was also positive, saying that it is good to see the government investment in the Alan Turing Institute, adding that she hopes that the investment in MScs and apprenticeships address the skills shortage within information security industry.

"I would have liked to have seen more focus on retraining in the workplace and channelling transferable skills into IT security," she said. 

No great change in strategy

James Lyne, EMEA director of the SANS Institute and an instructor with the security training agency, was less upbeat. He told SCMagazineUK.com that the budget does not reflect any great change in the government's strategy regarding cyber-security. 

"The challenge continues to be a lack of security talent on our industry. Even with the current training investments, we won't see any major changes in IT skill sets much before the end of the decade," said Lyne, who is also director of technology strategy at Sophos.

Having said that, he added, the Government is now investing in security training, and it is reassuring to see the government improving apprenticeship arrangements for business in the budget.

The problem remains, however, that many school leavers are very keen to progress in the field of IT security, but they lack the opportunities to further their experience in the area. 

"The problem is that the path for the individual to progress is still not that clear, even if some opportunities exist," he explained. 

Andrea Simmons, chief risk officer & global head of security policy governance with HP's Enterprise Security Services, was unimpressed with the improvements in apprenticeship arrangements outlined in the budget. 

"There is no need for more training, that's for sure," she said, adding that what training there is hampered by a lack of investment – from individuals not appreciating that they control their own future and destiny and that lifelong learning is a part of the journey.

"And from organisations due to ongoing constriction in budgets," she explained. 

Simmons went on to say that, despite these issues, there is still a plethora of available training in the IT industry - as has been the case for many years. 

"Let's face it, the ISC(2) is in its 25th year now. There is an extensive `common body of knowledge' and there are a number of skills frameworks - the IISPs being the most useful and most used in security circles in the UK and beyond, so there is no bad news story here," she said, adding that there is also the CREST programme and the available training routes. 

"At the end of the day, businesses are facing a difficult decision when it comes to educating from within given the likelihood of then losing that trained individual to competitors," she added. 

Sign up to our newsletters