Many businesses in the UK lack staff with the technical, incident response and governance skills needed to manage their cybersecurity, according to a government study.
The research for the Department for Digital, Culture, Media & Sport (DCMS) found that 48% of firms have a skills gap when it comes to basic tasks like setting up configured firewalls, storing or transferring personal data, and detecting and removing malware.
Another 30% have more advanced skills gaps, in areas such as penetration testing, forensic analysis and security architecture, while over a quarter (27%) have a skills gap when it comes to incident response (and do not outsource this).
Other skills in short supply include: threat assessment or information risk management; assurance, audits, compliance or testing; cybersecurity research; implementing secure systems; and governance and management.
And larger organisations with significant physical or digital infrastructure, such as energy companies and banks, admitted to an ‘urgent’ lack of skills around industrial control systems and operational technology. “This posed its own unique challenges, as some of these organisations were operating with legacy technology and required staff in cyber roles who were familiar with both old and new systems,” the report noted.
Looking ahead, respondents anticipated greater technical skills gaps in areas including cloud computing and storage, artificial intelligence (AI) and machine learning, threat intelligence, and skills to work with the Internet of Things (IoT). Non-technical ‘soft’ skills such as communication and client handling were also expected to be in high demand.
In a series of recommendations, the report called for increased investment in technical skills and training, more relevant courses from schools, universities and training providers, and a more open attitude from employers when hiring new staff.
“Many employers could benefit from broadening their recruitment practices, to employ more career starters, apprentices, graduates, people transitioning from other sectors or roles outside cyber security, and those from diverse groups,” it said.
Investing in skills will help companies capitalise on advanced technologies and next-generation internet connectivity, according to our Next-generation connectivity report. Download your free copy to learn more!