With the global rise in cyber-attacks continuing, cyber security continues to be a hot topic for almost every business and government around the world. The last year especially has highlighted that no organisation, however small or large, is immune to the threats of cybercrime.
Ransomware and malware attacks are targeting schools, hospitals, and have even shut down a critical US oil pipeline. As cybercriminals continue to develop more sophisticated attacks, it’s up to businesses and governments to keep up.
The bad news for these organisations is that there is a pronounced cyber security skills shortage. Both the UK and US have repeatedly reported that the workforce isn’t keeping up with the demand, leading to rising wages and increased competition for skilled personnel.
Pronounced skill gaps and shortages in the UK
In 2020, the department for digital, culture, media, and sport produced a report detailing the skill gaps and shortages within the UK cyber sector. This report highlights some startling statistics that demonstrate why so many organisations are struggling to find and retain skilled cyber security professionals.
- 18% of employers have existing employees in cyber roles who lack the necessary technical skills to properly fulfil their job’s responsibilities
- 40% of employers have had applicants apply for cyber roles without having the necessary technical skills
- 23% of employers have existing employees in cyber roles that lack adequate communication, leadership, or management skills
- 41% of cyber sector businesses have skill gaps within incident management, investigation, and digital forensics
- 37% of cyber sector businesses have skill gaps within assurance, audits, compliance, or testing
These are just a small sample of the findings that the report detailed, but they paint a worrying picture for the cyber sector and organisations as a whole.
With 47% of cyber sector businesses reporting that they’ve had at least one vacancy in a cyber role since January 2019, it’s easy to see how difficult it must be to recruit for these positions. Often, the reasons for these positions not being filled is either a lack of technical skill or knowledge or little to no relevant work experience.
With organisations needing skilled personnel now to protect themselves from cyber-attacks, many don’t have the time or resources to train someone from the ground up.
Critical cyber security workforce shortage in the US
Similar to the UK, the US is suffering from a severe shortage of skilled cyber security professionals. Almost 33% of all cyber security jobs in the US remain unfilled. This equates to over 464,000 open jobs across the country.
To illustrate the severity of the situation in the US, more than one out of every 20 open jobs across the country requires cyber security skills. There simply aren’t enough professionals in the US with the required skills to fill the job demand.
To make matters worse for many organisations, including the government, pay has risen dramatically in the US, in line with this demand. On average, a cyber security job in the US pays over £75,000 per year. For smaller businesses that need the skills of these people, they simply can’t keep up with the inflation in wages.
Possible solutions
Unfortunately, many potential solutions to the cyber security skills shortage are long term. Colleges and universities are starting to offer more tailored cyber security courses, but this needs to be more widespread and incentivised by governments.
If organisations have some existing cyber security expertise, apprentices are a good solution to improve the internal resource. This is also a longer-term strategy, though, with apprentices requiring years of study to achieve the necessary skills in the areas required.
Utilising outsourced expertise is something that organisations should seriously consider if they are struggling to hire cyber security professionals. This reduces the need for costly training and recruitment and eases the load on existing internal staff.
Ultimately, this skills shortage is going to take many years to improve. It’s going to be a gradual process involving more investment in education and the promotion of cyber security as a strong career path for younger people. In the short term, outsourcing is the perfect way to fill skills gaps while you continue to foster internal talent or recruit necessary staff overtime.