The number of UK companies with a basic cybersecurity skills gap has dropped from 2018 but still stands at around half of all businesses, according to a new government study.
The Department for Digital, Culture, Media & Sport (DCMS) report is compiled from analysis of labor market databases, interviews with training providers and quantitative surveys with UK organizations.
Although down from 54% in 2018, 48% of firms still have staff unable to carry out the basic tasks outlined in the government’s Cyber Essentials scheme, such as setting up firewalls, storing data and removing malware, it warned.
The report claimed that 30% of UK businesses also lacked more advanced cyber-skills in areas such as pen testing, forensics and security architecture, while over a quarter were understaffed in terms of incident response (27%).
Other skills in high demand included: threat assessment or information risk management, assurance, audits, compliance or testing, cybersecurity research, implementing secure systems and governance and management.
Two-thirds (64%) admitted they suffered problems with cybersecurity skills gaps and a quarter (25%) complained that this had seriously impacted business goals. A third (35%) of employers reported vacancies being hard to fill, either because applicants lacked technical skills or knowledge (43%) or relevant soft skills (22%).
The government report also claimed that just 15% of the current cybersecurity workforce is female, much less than the 24% global figure reported by (ISC)2. Diversity is lacking elsewhere: just 16% come from ethnic minority backgrounds and only 9% were classed as neurodivergent.
However, on the plus side, more businesses today than in 2018 have carried out a formal analysis of their training needs (22% versus 14%) and more consider it essential to have incident response skills (23% versus 17%).
The government called for greater investment in technical skills and training, more relevant courses from schools, universities and training providers, and a more open attitude from recruiters.
“Many employers could benefit from broadening their recruitment practices, to employ more career starters, apprentices, graduates, people transitioning from other sectors or roles outside cybersecurity, and those from diverse groups,” it said.