Cyber security remains an issue for half of UK businesses, Ipsos report finds

A high proportion of UK businesses continue to lack staff with the technical, incident-response and governance skills necessary to manage their cyber security, the latest Cyber Security Skills in the UK Labour Market report has found.

Compiled by Ipsos and Perspective Economics on behalf of the UK Government, the report found that around half of all private-sector businesses (51 per cent) lack the confidence to perform a range of basic cyber-security tasks or functions while a similar proportion of firms focused specifically on the cyber-security sector (49 per cent) have faced problems with technical skills gaps both among existing staff and job applicants.

The report is now in its fourth year and, while the figures for basic and advanced technical skills gaps have not changed significantly in that time, the researchers found that there had been an increase in the proportion of businesses that lack incident-management skills – up from 27 per cent in 2020 to 32 per cent in 2021 and 37 per cent now.

“The qualitative evidence continues to suggest, in line with previous years, that management boards outside the cyber sector lack an understanding of cyber security,” the report states.

“In particular, the interviews highlight a potential knowledge deficit among C-suite decision-makers tasked with overseeing cyber security.

“This is linked to the absence of a comprehensive generalist training pathway for individuals moving into these positions, and other challenges such as a lack of time to dedicate to cyber security.

“Excluding those working directly in cyber-sector firms, 85 per cent of the individuals fulfilling cyber roles in the private sector have transitioned into this position from a previous non-cyber role. By contrast, in the cyber sector, more than half the workforce (54 per cent) have previously worked in a cyber role elsewhere.

“Nevertheless, skills gaps are also common in the cyber sector. Half of all cyber firms have faced problems with technical cyber-security skills gaps, either among existing staff or among job applicants. A total of 19 per cent say that job applicants having these skills gaps has prevented them from achieving business goals to a great extent.”

The findings chimes with another report compiled on behalf of the government in March, which revealed that 39 per cent of UK businesses had been hit by a cyber attack in the previous year.

That report - Cyber Security Breaches – noted that while UK organisations were placing greater importance on cyber security than in any other year the survey had been carried out, gaps remained, with fewer than one in five organisations having a formal incident-management plan in place to deal with a breach.

The authors of the latest report said the data they collected highlights that there is both an “immense challenge in meeting employers’ recruitment and training needs” in terms of cyber security while employees responsible for cyber security face difficulties in “finding the right career and training pathways”.

They said the nine recommendations made to government and industry last year – which included reviewing and updating guidance on how cyber-security risks should be reported to board members and encouraging cyber businesses to build links with schools, colleges and universities – still stand.

However, they added that employers and policymakers must also take account of several key findings from the latest report, including the fact that demand for cyber-security professionals increased significantly in 2021 while at the same time a lack of complementary skills among job applicants has become a bigger issue for cyber-sector businesses.