Boardrooms ‘lack understanding of cybersecurity’, government report finds

Written by Margaret Taylor on 5 May 2022 in News

An annual study has identified core technical and incident-response skills gaps

Credit: methodshop/Pixabay

A high proportion of UK businesses continue to lack staff with key technical, incident-response and governance skills in the field of cybersecurity, the latest publication of an annual government-backed report has found.

Compiled by Ipsos and Perspective Economics on behalf of the government, the Cyber Security Skills in the UK Labour Market report found that just over half of all private-sector businesses lack the confidence to perform a range of basic cyber tasks or functions, while a similar proportion of firms focused specifically on the cybersecurity sector have faced problems with technical skills gaps, both among existing staff and among job applicants.

The report is now in its fourth year and, while the figures for basic and advanced technical skills gaps have not changed significantly in that time, the researchers found that there had been an increase in the proportion of businesses that lack incident-management skills – up from 27% in 2020 to 32% in 2021 and 37% now.

“The qualitative evidence continues to suggest, in line with previous years, that management boards outside the cyber sector lack an understanding of cybersecurity,” the report states. “In particular, the interviews highlight a potential knowledge deficit among C-suite decision-makers tasked with overseeing cybersecurity. This is linked to the absence of a comprehensive generalist training pathway for individuals moving into these positions, and other challenges such as a lack of time to dedicate to cybersecurity.”

It added: “Excluding those working directly in cyber-sector firms, 85% of the individuals fulfilling cyber roles in the private sector have transitioned into this position from a previous non-cyber role. By contrast, in the cyber sector, more than half the workforce (54%) have previously worked in a cyber role elsewhere. Nevertheless, skills gaps are also common in the cyber sector. Half of all cyber firms have faced problems with technical cyber-security skills gaps, either among existing staff or among job applicants. A total of 19% say that job applicants having these skills gaps has prevented them from achieving business goals to a great extent.”

The findings chime with another report compiled on behalf of the government in March, which revealed that about two in five UK businesses had been hit by a cyberattack in the previous year.

That report noted that while UK organisations were placing greater importance on cybersecurity than in any other year the survey had been carried out, gaps remained, with fewer than one in five organisations having a formal incident-management plan in place to deal with a breach.

The authors of the latest report said the data they collected highlights both an “immense challenge in meeting employers’ recruitment and training needs” in terms of cybersecurity and the difficulties that employees responsible for cybersecurity face in “finding the right career and training pathways”.

They said the nine recommendations made to government and industry last year – which included reviewing and updating guidance on how cybersecurity risks should be reported to board members and encouraging cyber businesses to build links with schools, colleges and universities – still stand.

However, they added that employers and policymakers must also take account of several key findings from the latest report, including the fact that demand for cyber-security professionals increased significantly in 2021 while at the same time a lack of complementary skills among job applicants has become a bigger issue for cyber-sector businesses.


About the author

Margaret Taylor is a journalist at PublicTechnology sister publication Holyrood, where a version of this story first appeared. She tweets as @MagsTaylorish.
