According to a report by the UK Government in 2018, there were between 30,000 and 40,000 staff employed in the UK’s cyber security sector; with over 800 firms providing cyber security products based in the country.
But while these numbers are encouraging, cybercrime remains rampant. Last year’s Cyber Security Breaches Survey found that 43% of businesses had reported cyber security breaches or attacks within the previous 12 months of the study. This figure rose to seven in 10, or 72%, among large businesses.
All this begs question; is the UK’s cyber security industry doing enough to fight cybercrime?
The industry faces a lot of challenges, hackers are getting better, the number of devices vulnerable to attack is growing at an exponential rate, and finding skilled workers is proving difficult — Cybersecurity Ventures has predicted that there will be 3.5 million unfilled cyber security job openings by 2021.
The science of securing cyber skills
The cyber security skills gap is nothing new. So, what can be done to bridge it? Science may have the answer
But according to the panel of industry leaders and academics at a recent debate, Cybercrime – The next threat? hosted by the think-tank Parliament Street, in Westminster, there was a consensus that it’s time for the industry to do more; and tapping into new and diverse talent pools to plug the gap would be a great start.
Raj Samani, chief scientist at McAfee, went even further, he said: “I don’t even think there is a skills shortage. I think there’s a lack of courage from organisations today.
“I just hired an individual who two-years ago was stacking shelves at a supermarket because he simply showed a level of enthusiasm and he showed a level of commitment to get into this industry.
“All too often, we, as an industry say, there’s not enough people, while we expect ridiculous things such as, certifications which require three or five years worth of studying plus industry experience on top of that, all for a £30,000 job. The fact that they then complain is ridiculous.”
A full house for the cyber security debate, as chair .@StevenGeorgia moves discussion on to the role public sector services can play in improving cyber security measures in the U.K. #PSCyber pic.twitter.com/rhJA7bm1Oe
— Centropy PR (@CentropyPR) March 20, 2019
Making a career in cyber exciting
While there are some good incentives out there for attracting new people to develop themselves in this field, more needs to be done to challenge negative stereotypes, argued Dan Raywood, contributing editor, Infosecurity Magazine.
He said: There’s too much of an impression out there that a job in this industry means sitting in front of a computer all day. In reality, you’re not going to spend your whole life in a cubicle. We need to articulate that there’s a wider career option than what’s being perceived.
“It needs to start at school; the industry needs to present more role models and people who can talk about what career opportunities there are and why it’s exciting. As an industry, it’s generally perceived as a bad news kind of industry, this needs to change.”
The answer the UKs cyber security skills gap? More apprenticeships
As cybercrime increases, it is crucial that the UK’s critical national infrastructure has a strong number of cyber security experts working for them
Another area where the panel reached consensus was diversity and how the lack of it is hampering the industry.
The panel agreed that by embracing diversity, the industry would simply have a broader pool to pick talent from but more needed to be done to attract women into the sector.
Raywood argued: “So many events out there around cyber security lack women, they’re often just rooms full of men. But there are a lot of great women-focused cyber security conferences too which are great, and industry can get involved.
“I want to see conferences become more accessible to women, so it’s important the industry opens the door a bit more to what cyber security can be.”
How diversity can help fight cyber-attacks
A diverse cyber security team offers multiple ways of thinking, allowing businesses to stay one step ahead of attackers. How can IT leaders take advantage?