Read more about the cyber skills gap:
- Cybersecurity Workforce Gap Rises by 19% Amid Budget Pressures
- UK Government Report Finds Cybersecurity Skills Gap Stagnant
- AI to Create Demand for Digital Trust Professionals, ISACA Survey Finds
Around half (44%) of UK businesses have skills gaps in basic technical cybersecurity areas, according to latest government findings.
Of the 637,000 businesses examined, 390,000 (27%) have gaps in advanced skills, such as penetration testing. Incident management skills gaps have also increased from 27% in 2020 to 48% in 2024.
These figures are part of the UK’s Department for Science, Innovation & Technology (DSIT) Cyber Security Skills in the UK Labour Market 2024 which is now in its sixth iteration.
“In this year’s study, we have seen some shifts in the cyber skills landscape. Supply has grown while demand has cooled because of macroeconomic factors and wider redundancies and recruitment freezes in the digital sector. However, there continues to be a ‘gap,’” DSIT commented.
Over the six years the survey has run, researchers have consistently found that around half of businesses have a basic skills gap and around three in ten have an advanced skills gap.
On incident management, among the businesses that do not outsource this activity almost half (48%) are not confident that they would be able to deal with a cyber security breach or attack.
DSIT noted that the proportion of businesses lacking confidence has increased over time, from 27% in 2020.
The research found that both employers and recruiters believed that AI is likely to have an impact on the cyber skills landscape. What this looks like however remains uncertain but some potential changes were highlighted, listed below.
Four potential changes AI will make to cyber skills:
- Increasing automation of cyber tasks (which could lead to job losses)
- The need for skills to understand and act upon AI tools
- Roles becoming ‘AI cyber’ rather than just ‘cyber’
- The emergence of deep specialisms such as ‘cyber security machine learning’
Increasing automation could lead to some jobs disappearing, DSIT noted, while skills need to evolve so that organizations can use AI cyber security tools effectively.
There may be risks in relying on these tools if they are not adequately understood or managed.
Diversity in the Sector Remains a Challenge
The proportion of women and disabled people in the cyber workforce continues to be lower than both the UK workforce as a whole and the digital workforce, the report found.
Women represent just 17% of the cyber workforce, lower than both the UK workforce as a whole and the digital workforce.
Meanwhile, 15% of the cyber workforce are from ethnic minority backgrounds, in line with the UK workforce overall. In contrast, 6% are disabled, which is lower than both the digital and the UK workforce. 13% of the cyber workforce has been found to be neurodivergent.
Of the 47% of cyber firms that have attempted to recruit individuals into cyber roles since January 2022, just 42% have taken some action to encourage applications from diverse applicants. This means they have targeted at least one of these diverse backgrounds.
Through qualitative research, DSIT found that employers commonly associated diversity with a lack of female representation, which goes towards why recruitment efforts are more likely to be directed at this group.
One continuing problem in diversifying the talent pool is that the gender gap for cyber security courses remains wide, with only 14% of female graduates at undergraduate level, and 24% at postgraduate level.