Boardrooms ‘lack understanding of cybersecurity’, government report finds

Written by Margaret Taylor on 5 May 2022 in News

An annual study has identified core technical and incident-response skills gaps

Credit: methodshop/Pixabay

A high proportion of UK businesses continue to lack staff with key technical, incident-response and governance skills in the field of cybersecurity, the latest publication of an annual government-backed report has found.

Compiled by Ipsos and Perspective Economics on behalf of the government, the Cyber Security Skills in the UK Labour Market report found that just over half of all private-sector businesses lack the confidence to perform a range of basic cyber tasks or functions, while a similar proportion of firms focused specifically on the cybersecurity sector have faced problems with technical skills gaps, both among existing staff and job applicants.

The report is now in its fourth year and, while the figures for basic and advanced technical skills gaps have not changed significantly in that time, the researchers found that there had been an increase in the proportion of businesses that lack incident-management skills – up from 27% in 2020 to 32% in 2021 and 37% now.

“The qualitative evidence continues to suggest, in line with previous years, that management boards outside the cyber sector lack an understanding of cybersecurity,” the report states. “In particular, the interviews highlight a potential knowledge deficit among C-suite decision-makers tasked with overseeing cybersecurity. This is linked to the absence of a comprehensive generalist training pathway for individuals moving into these positions, and other challenges such as a lack of time to dedicate to cybersecurity.”

It added: “Excluding those working directly in cyber-sector firms, 85% of the individuals fulfilling cyber roles in the private sector have transitioned into this position from a previous non-cyber role. By contrast, in the cyber sector, more than half the workforce (54%) have previously worked in a cyber role elsewhere. Nevertheless, skills gaps are also common in the cyber sector. Half of all cyber firms have faced problems with technical cyber-security skills gaps, either among existing staff or among job applicants. A total of 19% say that job applicants having these skills gaps has prevented them from achieving business goals to a great extent.”

The findings chime with another report compiled on behalf of the government in March, which revealed that about two in five UK businesses had been hit by a cyberattack in the previous year.

That report noted that while UK organisations were placing greater importance on cybersecurity than in any other year the survey had been carried out, gaps remained, with fewer than one in five organisations having a formal incident-management plan in place to deal with a breach.

The authors of the latest report said the data they collected highlights both an “immense challenge in meeting employers’ recruitment and training needs” in terms of cybersecurity and the difficulties that employees responsible for cybersecurity face in “finding the right career and training pathways”.

They said the nine recommendations made to government and industry last year – which included reviewing and updating guidance on how cybersecurity risks should be reported to board members and encouraging cyber businesses to build links with schools, colleges and universities – still stand.

However, they added that employers and policymakers must also take account of several key findings from the latest report, including the fact that demand for cyber-security professionals increased significantly in 2021 while at the same time a lack of complementary skills among job applicants has become a bigger issue for cyber-sector businesses.


About the author

Margaret Taylor is a journalist at PublicTechnology sister publication Holyrood, where a version of this story first appeared. She tweets as @MagsTaylorish.
