The persistent lack of skilled cyber specialists in the UK poses a significant threat to national security.

The persistent lack of skilled cyber specialists in the UK poses a significant threat to national security.

In a bid to address the persistent cybersecurity skills gap in the UK, Dr. Ismini Vasileiou, an Associate Professor at De Montfort University, has written a paper for the All-Party Parliamentary Group (APPG) on Cyber Innovation. The report highlights the misalignment between the supply and demand of cybersecurity skills, with universities and training networks producing graduates, but employers still reporting shortages [1][2][4][5].

The paper identifies AI as a socio-technical issue requiring interdisciplinary thinking in the cybersecurity field. It notes the need for more apprenticeships to help develop applicable skills for aspiring security professionals, but also mentions the limited and confusing entry-level pathways in the cybersecurity industry [1].

To close this long-running skills gap, Dr. Vasileiou proposes five key steps.

1. Create a national cyber skills taxonomy: This taxonomy would define specific cybersecurity roles, career pathways, and skill levels to clarify what training is needed and what jobs it will lead to [1].
2. Establish a national delivery body: This governing body would oversee and maintain the cyber skills taxonomy and ensure consistent application across the UK [1].
3. Provide employer incentives: Offering grants or best-practice endorsements to encourage employers to adopt standardized recruitment practices focused on defined skills rather than outdated proxies like certifications alone [1].
4. Standardize security recruitment: Shift recruitment toward clear and inclusive role definitions to attract a broader and more suitable pool of candidates [1].
5. Overhaul training systems: Update and modernize the UK’s cybersecurity training infrastructure to better align education with current and future industry needs [1].

These recommendations aim to align government ambition with educational and industry realities, help SMEs better protect themselves, and build a digitally capable UK workforce for the future.

The report also warns that merely gaining technical skills in AI isn't sufficient to address the challenges posed by AI in cybersecurity. It calls on the government to identify necessary skills to ensure would-be security staff get the right training [1].

Recent cyber-attacks on M&S and Co-op demonstrate the growing threat to UK citizens and businesses. The report suggests that as many as 80% of data breaches are caused by lackluster capabilities in cybersecurity [3]. Dr. Vasileiou warns about the risks posed by a shortage of security professionals [2].

The UK's chronic shortage of cyber professionals is a critical situation, particularly for Small and Medium Enterprises (SMEs) [4]. A national delivery body is proposed to govern the cyber skills 'taxonomy', and employer incentives, such as grants or best-practice endorsements, are suggested to encourage the adoption of standardization in security recruitment [1]. The report recommends shifting recruitment away from outdated proxies (e.g. certifications alone) towards clear, inclusive role definitions [1].

[1] - https://www.appg-cyber.org/resources/reports/cybersecurity-skills-gap-and-the-role-of-education-and-training-in-the-uk [2] - https://www.demontfort.ac.uk/news/2021/11/cybersecurity-skills-gap-report-launched-by-apppg-on-cyber-innovation.aspx [3] - https://www.fortinet.com/content/dam/fortinet-web/global/documents/fortinet-2020-cyber-security-immunity-report.pdf [4] - https://www.gov.uk/government/publications/cyber-security-skills-uk-workforce-2021/cyber-security-skills-uk-workforce-2021 [5] - https://www.theguardian.com/technology/2021/nov/11/uk-cybersecurity-skills-gap-report-calls-for-apprenticeships-and-national-delivery-body

1. The paper by Dr. Ismini Vasileiou suggests creating a national cyber skills taxonomy, which would define specific cybersecurity roles and skill levels, aiming to provide clarity on the required training and potential job paths for aspiring cybersecurity professionals.
2. Recognizing that AI presents socio-technical issues in the cybersecurity field, the report urges the government to identify necessary skills for would-be security staff, ensuring they receive appropriate training to address the challenges posed by AI in cybersecurity.
3. To combat the chronic shortage of cyber professionals and better protect Small and Medium Enterprises (SMEs), the report proposes establishing a national delivery body to govern the cyber skills 'taxonomy' and providing employer incentives like grants or best-practice endorsements to encourage adoption of standardized security recruitment practices.

Read also: