Credit: methodshop/Pixabay

A high proportion of UK businesses continue to lack staff with key technical, incident-response and governance skills in the field of cybersecurity, the latest publication of annual government-backed report has found.

Compiled by Ipsos and Perspective Economics on behalf of the government, the Cyber Security Skills in the UK Labour Market report found that just over half of all private-sector businesses lack the confidence to perform a range of basic cyber tasks or functions while a similar proportion of firms focused specifically on the cybersecurity sector have faced problems with technical skills gaps both among existing staff and job applicants.

The report is now in its fourth year and, while the figures for basic and advanced technical skills gaps have not changed significantly in that time, the researchers found that there had been an increase in the proportion of businesses that lack incident-management skills – up from 27% in 2020 to 32% in 2021 and 37% now.

“The qualitative evidence continues to suggest, in line with previous years, that management boards outside the cyber sector lack an understanding of cybersecurity,” the report states. “In particular, the interviews highlight a potential knowledge deficit among C-suite decision-makers tasked with overseeing cybersecurity. This is linked to the absence of a comprehensive generalist training pathway for individuals moving into these positions, and other challenges such as a lack of time to dedicate to cybersecurity.”

Related content

• Departments to undergo independent audits of cyber resilience
• Government proposes tougher cyber laws for IT outsourcers
• How big is the UK’s cyber skills gap?

It added: “Excluding those working directly in cyber-sector firms, 85% of the individuals fulfilling cyber roles in the private sector have transitioned into this position from a previous non-cyber role. By contrast, in the cyber sector, more than half the workforce (54%) have previously worked in a cyber role elsewhere. Nevertheless, skills gaps are also common in the cyber sector. Half of all cyber firms have faced problems with technical cyber-security skills gaps, either among existing staff or among job applicants. A total of 19% say that job applicants having these skills gaps has prevented them from achieving business goals to a great extent.”

The findings chimes with another report compiled on behalf of the government in March, which revealed that about two in five UK businesses had been hit by a cyberattack in the previous year.

That report noted that while UK organisations were placing greater importance on cybersecurity than in any other year the survey had been carried out, gaps remained, with fewer than one in five organisations having a formal incident-management plan in place to deal with a breach.

The authors of the latest report said the data they collected highlights that there is both an “immense challenge in meeting employers’ recruitment and training needs” in terms of cybersecurity while employees responsible for cyber security face difficulties in “finding the right career and training pathways”.

They said the nine recommendations made to government and industry last year – which included reviewing and updating guidance on how cybersecurity risks should be reported to board members and encouraging cyber businesses to build links with schools, colleges and universities – still stand.

However, they added that employers and policymakers must also take account of several key findings from the latest report, including the fact that demand for cyber-security professionals increased significantly in 2021 while at the same time a lack of complementary skills among job applicants has become a bigger issue for cyber-sector businesses.