Cybersecurity skill gaps and shortages are often cited as a major reason that many organizations fail to implement effective security tools and practices. The UK’s Department for Science, Innovation, and Technology (DSIT) conducts an annual survey of the cybersecurity labor market in order to measure trends over time.
This year’s research is largely in line with previous years, though there are changes and improvements in several areas. Almost half of the businesses included in the research (44%) are lacking in essential security skills in basic technical areas. The research addresses these skills gaps within organizations, skills shortages within the industry, and labor and education statistics and demographics.
Basic Cybersecurity Skills Gaps
Skills gaps and shortages can lead to many organizations having poor cyber hygiene and being unable to maintain the in-house cybersecurity skills that are essential to building a robust and effective security strategy. The research looks at a number of basic cybersecurity skills that many organizations are lacking, such as:
- Dealing with breaches of security
- Setting up configured firewalls
- Detecting and removing malware
- Transferring personal data
- Restricting software
- Choosing secure settings
- Setting automatic updates
In addition to basic cybersecurity skills, the survey also reveals the skills gap in advanced cybersecurity. The businesses examined in the data are the least confident in their ability to perform in four major areas: forensic incident analysis, penetration testing, interpreting malicious code, and security architecture or engineering. In each of these skills, more than half of the businesses responded that they are either “not very confident” or “not at all confident.”
Along with skills gaps, businesses are also facing skills shortages, causing difficulty in hiring and recruiting. According to the research, 70% of organizations with vacancies to fill have found at least one vacancy difficult to fill. A lack of technical skills or knowledge is the most commonly cited reason for hard-to-fill vacancies, with 52% of cyber firms giving this reason without prompting.
Shifts in Cybersecurity Labor Supply and Demand
The imbalance of supply and demand when it comes to skilled cybersecurity professionals can be a significant hindrance to an organization’s security posture. There is a range of factors at play in the fluctuation of supply and demand, including:
- Higher education: This year’s research shows an increase in the number of higher education institutions offering cybersecurity or computer science courses, the range of courses offered, and the number of students enrolled in these courses.
- Employment statistics: The cybersecurity sector shows overall employment growth based on analysis of full-time equivalent (FTE) employees, but some large cybersecurity organizations have announced layoffs.
- Further education: The overall number of apprenticeships in information and communications technology (ICT), as well as the number of students enrolling in, beginning, and completing apprenticeships, have all increased from the 2021/22 school year to 2022/23.
- Retraining and upskilling: Organizations in need of cybersecurity professionals can look for potential employees whose skills can be fortified and refreshed through additional training or certification.
While this year’s research shows an increased supply of skills and a decreased demand, the disparity remains a problem for many businesses. Based on analysis of a range of data, the research shows that the number of people entering the workforce annually falls short of what the market requires by around 3,500 people. This number is smaller than in previous years, but it still indicates a skill shortage.
Looking Ahead: The Role of AI
Artificial intelligence (AI) is a major player in the conversation around cybersecurity skills. The addition of AI to the cybersecurity landscape has far-reaching impacts in multiple directions. The growth in popularity of automated tools for functions that previously required skilled labor has the potential to eliminate some jobs in the cybersecurity industry, but cybersecurity expertise is essential for the proper implementation and management of AI and automation.
On the whole, present AI technology has not evolved enough to replace human professionals with essential cybersecurity skills. While AI can be helpful for automating tedious and time-consuming tasks, it cannot reliably perform all of the functions for which organizations may be tempted to use it.
Rather than expecting AI tools to fill in the skills gap, DSIT anticipates an increasingly complex cyber landscape. Cybersecurity professionals must evolve their skills in order to help organizations utilize AI tools effectively, and the conclusion of the research projects the development of new niche specialties to address the issues that arise from the constant evolution of AI technology, threat trends, and the digital landscape.
Fortifying Cybersecurity and Closing the Skills Gap
Lacking basic cybersecurity skills puts an organization at a much higher risk of falling victim to cyberattacks like ransomware and data breaches. Some businesses may not have the resources necessary to fully close the skills gap, but outsourcing some or all cybersecurity operations can help these organizations maintain effective cybersecurity strategies.
Closing the skills gap in an organization will likely require a combination of tactics, from automating certain processes to investing in retraining and upskilling employees. The use of sophisticated tools and managed services can help organizations ensure that they are protected against cyberthreats.
To read more about the UK’s current cybersecurity landscape, you can take a look at this recent post: England and Wales Report a Spike in Computer Misuse.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.