Is the UK’s Cybersecurity Skills Shortage Endangering your Business?

November 30, 2014 Updated: April 23, 2016

Yann Uxbridge is a technology blogger with a particular interest in cybersecurity and data protection, commenting on hacktivism and breaches across the world wide web.



There has been a big push in recent years to plug the UK’s worrying cybersecurity skills gap. Government enterprises designed to get more skilled young people into the sector have included the Cyber Security Challenge, an initiative developed to get the UK’s talented young IT students engaged in the battle for better cybersecurity. The “Challenge” is just one part of the UK’s £650 million Cyber Security Strategy launched all the way back in 2011.


The picture in 2014


Yet, three years on, the skills shortage does not seem to be shrinking – a significant cause for concern in a world where cybercrime is becoming increasingly sophisticated. As our national cybersecurity continues to struggle to muster its strength, UK businesses and consumers are increasingly being left to “fend for themselves” when it comes to digital security. More and more businesses are starting to get serious about taking responsibility for their own cybersecurity, with the government’s failures making room for a type of “private security” service for the online world, even among public sector firms.


Private companies plug the gap


With little skill going around, many businesses find it difficult and costly to get the right skill sets on site and in house. With these issues in play, a great number of enterprises are outsourcing their cybersecurity to teams of specialists, like providers of FTP alternatives, who offer niche services backed up by the elusive expertise that is hard to source elsewhere – in this case sophisticated and secure managed file transfer with Software as a Service (SaaS) and Platform as a Service (PaaS) offerings.


In fact, the government is so short of skill that Thru’s managed file transfer package is now being offered to public sector bodies as a service in the government’s new G-Cloud initiative, designed to encourage those in the public sector to get up to date with Cloud computing swiftly and securely.


How bad is the shortage?


While headlines and criticism are all very well, just how concerned do we really need to be about the UK’s apparently flailing national cybersecurity? According to government figures, you should be a little worried. Figures from the Office for Cyber Security and Information Assurance in Cabinet Office demonstrate that cybercrime cost the UK £27 billion in 2011. In 2014 this figure is not likely to be falling. In fact, this year the global cost of cybercrime was estimated by (the understandably biased) McAfee at £300 billion.


Meanwhile, the picture in education shows no sign of a raft of young, superstar cybersecurity experts (keen to accept a low public sector salary) about to ride in to save the day. This is a raft we desperately need.


Back in the 00s, the number of university students on computer science courses fell by 27% between 2003 and 2010, despite the rapid growth of the web and the ever more desperate need for skilled cybersecurity professionals. According to the Cyber Security Challenge website, 78,000 jobs are set to be created in the coming four years, yet over the past five years we’ve seen a 50% decline in young people entering IT professions. This is not a recipe for success and has led to an increasing reliance on professional migrants (who are often put off by increasingly tricky immigration laws) and outsourcing.


What can your business do?


If you’re the CISO (Chief Information Security Officer) for your company, you have every right to feel vulnerable. While public sector protection weakens, it’s tougher than ever to bring the necessary expertise in house. So how can you protect your business and your customers against cybercrime, security breaches and the ensuing negative publicity, in the face of understaffing and skill shortages?


  1. Carefully audit your organisation
    The more intimately you understand cybersecurity in your business, the more accurately you will be able to identify skills shortages and uncover weaknesses in urgent need of strengthening. The NIST cybersecurity framework is a good starting point from which to appraise your team.

  2. Swallow your pride and outsource
    There’s no dishonour in accepting that you need to bring in additional skills from outside. Understanding your weaknesses is key to keeping your data and systems safe. Ask yourself “could this task be performed more skilfully and efficiently by an external company?” If the answer is yes, the next step is clear.

  3. Keep your flaws in mind
    Chances are, your business does have a cybersecurity skill shortage. This is something you need to be hyper-aware of when you develop a new cybersecurity policy or implement new technologies. If there’s no time for training, for example, shiny new tech will only leave you vulnerable as your team do not have the time to learn how to work with your new kit. Understand your limitations and plan accordingly to ensure you do not get ahead of yourself and leave your business exposed as a result. Skills, policies and systems must develop in synchrony.

  4. Focus on training and job creation
    Training, training, training – this is where your energies need to be directed. Getting your superiors to understand the importance of improved cybersecurity is essential and the key to getting your team on top of your online protection with the help of a more generous budget. You also need to attract the right people to your IT roles with continued educational opportunities and clear IT security career paths.


Is your cybersecurity a concern? What steps are you taking to ensure that your business is protected from the increasing threat of cybercrime? Are you doing enough or are you fighting an uphill battle? Share your concerns, questions and experience with our readers below…