Boardrooms ‘lack understanding of cybersecurity’, government report finds

Written by Margaret Taylor on 5 May 2022 in News

An annual study has identified core technical and incident-response skills gaps

Credit: methodshop/Pixabay

A high proportion of UK businesses continue to lack staff with key technical, incident-response and governance skills in the field of cybersecurity, the latest publication of annual government-backed report has found.

Compiled by Ipsos and Perspective Economics on behalf of the government, the Cyber Security Skills in the UK Labour Market report found that just over half of all private-sector businesses lack the confidence to perform a range of basic cyber tasks or functions while a similar proportion of firms focused specifically on the cybersecurity sector have faced problems with technical skills gaps both among existing staff and job applicants.

The report is now in its fourth year and, while the figures for basic and advanced technical skills gaps have not changed significantly in that time, the researchers found that there had been an increase in the proportion of businesses that lack incident-management skills – up from 27% in 2020 to 32% in 2021 and 37% now.

“The qualitative evidence continues to suggest, in line with previous years, that management boards outside the cyber sector lack an understanding of cybersecurity,” the report states. “In particular, the interviews highlight a potential knowledge deficit among C-suite decision-makers tasked with overseeing cybersecurity. This is linked to the absence of a comprehensive generalist training pathway for individuals moving into these positions, and other challenges such as a lack of time to dedicate to cybersecurity.”

Related content

It added: “Excluding those working directly in cyber-sector firms, 85% of the individuals fulfilling cyber roles in the private sector have transitioned into this position from a previous non-cyber role. By contrast, in the cyber sector, more than half the workforce (54%) have previously worked in a cyber role elsewhere. Nevertheless, skills gaps are also common in the cyber sector. Half of all cyber firms have faced problems with technical cyber-security skills gaps, either among existing staff or among job applicants. A total of 19% say that job applicants having these skills gaps has prevented them from achieving business goals to a great extent.”

The findings chimes with another report compiled on behalf of the government in March, which revealed that about two in five UK businesses had been hit by a cyberattack in the previous year.

That report noted that while UK organisations were placing greater importance on cybersecurity than in any other year the survey had been carried out, gaps remained, with fewer than one in five organisations having a formal incident-management plan in place to deal with a breach.

The authors of the latest report said the data they collected highlights that there is both an “immense challenge in meeting employers’ recruitment and training needs” in terms of cybersecurity while employees responsible for cyber security face difficulties in “finding the right career and training pathways”.

They said the nine recommendations made to government and industry last year – which included reviewing and updating guidance on how cybersecurity risks should be reported to board members and encouraging cyber businesses to build links with schools, colleges and universities – still stand.

However, they added that employers and policymakers must also take account of several key findings from the latest report, including the fact that demand for cyber-security professionals increased significantly in 2021 while at the same time a lack of complementary skills among job applicants has become a bigger issue for cyber-sector businesses.


About the author

Margaret Taylor is a journalist at PublicTechnology sister publication Holyrood, where a version of this story first appeared. She tweets as @MagsTaylorish.

Share this page




Please login to post a comment or register for a free account.

Related Articles

Ex-intelligence chief ‘appalled’ at ministers’ use of private messages
1 June 2023

Former GCHQ and Home Office leader David Omand expresses disapproval of use of WhatsApp and other platforms for government business

ICO urges Capita customers to ‘check their position’ after 90 organisations report data breaches
31 May 2023

Technology services firm has revealed two data-compromising incidents in recent week


MoJ reprimanded by ICO after ‘bags of confidential documents’ exposed for over two weeks
25 May 2023

Sensitive data was left unsecured in prison holding area, according to data watchdog

Interview: CDDO chief Lee Devlin on the ‘move from being disruptive to collaborative’
23 May 2023

In the first of a series of exclusive interviews, the head of government’s ‘Digital HQ’ talks to PublicTechnology about the Central Digital and Data Office’s work to unlock £8bn...

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...