Spotlight 24 May 2021 How to close the cyber skills gap The chair of the APPG on cyber security on meeting the urgent need for a cyber resilient workforce. Getty images/jeff J mitchell Sign UpGet the New Statesman's Morning Call email. Sign-up Many factors have combined to make cybercrime the scourge of our times. It can be committed from anywhere, repeatedly and anonymously, so the risks to perpetrators are few. Money and information are valuable targets, so the rewards of fraud and hacking can be great. And the disruption to a country or an organisation that a cyber attack can cause can be a potent instrument of power or extortion, or can give a commercial advantage to a competitor. The pandemic has added fuel to the fire, forcing even those with no digital experience to go online to provide or to obtain services as never before. Add to that the number of employees suddenly thrown into the unfamiliar territory of working from home, and you have yet another layer of data security issues for organisations to address, often almost overnight. In today’s parlance, it is a perfect storm. In an economy reeling from the effects of Covid-19, businesses are having to work harder than ever to protect their bottom line. They have also become increasingly aware that cybercrime is indiscriminate and that the likelihood is that, regardless of their sector or size, it could happen to them – so they need to take every possible step to defend their assets. The solution seems straightforward: hire the best, most experienced staff, and take their advice. Sadly, it’s not that simple. Recruitment specialist Robert Walters and data firm Vacancysoft’s 2020 report Cybersecurity: Building Business Resilience, found a shortage of 140,000 cyber security professionals across Europe. They also reckoned that 70 per cent of businesses across Europe do not have an adequate cyber security team. Read more: The human side of cyber security These were findings bolstered by the government’s own report Cyber Security Skills in the UK Labour Market 2020. It found that 48 per cent of the (more than one million) businesses surveyed had a basic skills gap, with their staff having insufficient confidence even to set up configured firewalls, store or transfer personal data, or detect or remove malware. For more complex cyber security skills, including, among others, threat assessments, implementing secure systems, compliance and testing, the gap was even wider, at 64 per cent. We should be very concerned by these stark figures. With the threats increasing, and the dearth of skilled staff available to avert them, it is easy to see why cyber security company Kaspersky describe the cyber skills gap situation as “a ticking time bomb”. So what’s led to this mismatch of supply and demand? The reports mentioned above identified a number of issues, including: -Young people discounting, or not even being aware, of such career choices. This is particularly true of young women – something which schools, government, employers and academia must address. Digital poverty in poorer areas compounds this effect. -The fragmented framework of qualifications and accreditations available in the cyber security area also lead to confusion for students, who can see no clear path ahead, and for employers seeking to find which option best fits their needs. That confusion effectively acts as a deterrent. -Not all organisations invest in training staff in cyber roles, despite the fact that the rapidly evolving nature of cybercrime makes continuous education imperative. -Potential candidates sometimes lack the blend of technical and soft skills that employers – especially SMEs – require. If the skills gap is to be narrowed, then all of the above issues need addressing. In a climate where cybercrime and unemployment are both on the rise, the need to do this becomes ever more compelling. Education and training in all its forms clearly has a central role to play. Given that educational pathways in cyber security are currently so fragmented, and the differences between the various qualifications and accreditations are not always readily understood, there is work to be done. There is potential for some mapping of all of the qualifications available, so that it is clearer to everyone what is on offer, whether and how they dovetail, and what the pathways are, enabling students and employers alike to choose what best fits their needs. Clearly, it will also be important for government, academia and the business sector to continue to collaborate more closely to ensure that the courses provided are practical and tailored properly to commercial needs. Providers also need to take into account some of the other specific findings of the various reports on skills gaps, and adapt their offers accordingly, ensuring, for example, that they include implementation of skills and soft skills within their courses. Agility will be another vital factor, to allow them to adapt their courses quickly to changing technologies and cybercrime trends. Read more: How to tell your customers you've been hacked Another aspect of education is to inspire young people – male and female – to consider cyber security as a rewarding career. Schools and colleges have a role to play in this, communicating the various types of roles on offer, the benefits, the way ahead, and by participating in initiatives like CyberFirst, offered by the government’s National Cyber Security Centre. Employers too have a role to play in prioritising investment in cyber security skills and training for their staff, and ensuring that those skills are regularly updated to meet the sector’s ever-changing needs. This is a complex problem, but one that will not go away. Quite the opposite – there is a growing need for staff with the right skills, and an increasing number of vacancies that go unfilled. It will take a while to solve, but knowing what needs to be done helps to focus attention on, and facilitate, the changes that need to be made. Given the clear risk of not acting, it is imperative that government grasps the mettle on this and ensures that the cyber skills gap narrows. This article originally appeared in the Spotlight report on cyber security. You can download the full edition here. › Britain’s shameless tabloids have no right to lecture the BBC on media ethics Subscribe For more great writing from our award-winning journalists subscribe for just £1 per month!