There is wide consensus in the cyber-community that the skills shortage is worsening, and plenty of statistics to back that up. KPMG's survey last November confirmed the gap is getting wider, with 57 percent of respondents finding it more difficult to hire specialist cyber-staff.
The government also reported in March 2014 that demand for cyber-security professionals was rising rapidly, at more than 13 percent a year, and “the current pipeline of graduates and practitioners would not meet growing demand.”
A February 2013 National Audit Office (NAO) report said it could take 20 years to plug the science and technology skills gap.
The impact of this is massive, says the government – from firms suffering more data breaches, to a slowdown in the whole UK economy. Senior industry figures paint an equally bleak picture.
Stephanie Daman, CEO of Cyber Security Challenge UK, which runs online competitions to help unearth new cyber-security talent, told SC Magazine: “We're at a point where the lack of cyber-security skills is really starting to impact businesses – it costs the UK billions of pounds each year, and has become one of the government's tier-one priorities to address.
“Data breaches are an inevitable outcome of a lack of security professionals – and it's becoming a matter of national security. Take our critical national infrastructure, it's increasingly internet-reliant, making it vulnerable to attack. We need skilled people to fill these roles and ensure the safety of our nation.”
James Lyne, global head of security research at Sophos, told SC: “We constantly hear from every enterprise and government, ‘we need more people, and more skilled people, in information security’. It is one of the fundamental and major issues for this country, and for many others.”
The government has won praise for its initiatives in this area, but those on the front line feel there is plenty more that needs to be done. “There is broad and appropriate recognition of the issue, but that hasn't as yet translated into the right actions,” Lyne said.
The experts we spoke to believe action is needed in two crucial areas: ‘fixing the future’ – making sure enough school and university students are taught cyber-security to answer future demand; and ‘fixing right now’ – UK businesses doing what they can to plug their immediate skills gap.
Fixing the future
One key reason it could take 20 years is that British schools and universities badly lack students taking STEM (science, technology, engineering and maths) courses. And that's made worse by the fact that some hacker-friendly countries are churning out such people.
Mike Loginov, vice chair of the National MBA Advisory Board, said: “There is a massive skills shortage, and we know there's not enough people coming into STEM skills areas.
“But there's a growth in those skills in other nation states, outside the UK and outside Europe – not always in the most friendly of nations. And the challenge of that is that is typically where the hacker community comes from.”
The government has accepted its central role in solving the problem, pouring millions into cyber-security education and training as part of its five-year £860 million ‘UK Cyber Security Strategy’.
Among other initiatives, GCHQ last year got students to develop a free-to-download app called Cryptoy, which teaches young people about security and encryption.