The cyber security skills gap has been growing for years, and the problem is particularly bad in the UK. A report by job listings site Indeed found that the UK has the second largest demand for skilled IT professionals in the world. But what effect is this having on organisations, and how can it be mitigated?
The most obvious effect is that it’s increasing the workload of existing staff. In many cases, employees’ time and resources are spread so thinly that the quality of the work suffers. Employees often say that they spend too much time on incident response and not enough on planning ways to prevent incidents from recurring and to mitigate the risk of serious incidents.
Organisations that know that they are understaffed are often forced to hire people who lack the necessary skills and experience. Although these new recruits can help with routine work, senior staff will need to provide on-the-job training, which prevents them performing their own tasks.
All of this means that organisations are unprepared for major security incidents, which could cause substantial damage and affect business operations.
There’s another problem. The increased demand for cyber security staff has given those with the right skills considerable leverage over employers. Someone with the right skillset could find work practically anywhere, so organisations need to give candidates a reason to choose them. This typically means generous pay rises, with the average cyber security wage increasing by 10% in 2017.
Filling the skills gap
Commenting on Indeed’s report, Mariano Mamertino, economist for Europe, the Middle East and Africa at the organisation, said: “The problem is fast approaching crisis point and British businesses will inevitably be put at risk if they can’t find the expertise they need to mitigate the threat.
“This should serve as a wake-up call to Britain’s tech sector – it must pull together to […] attract more people into cyber security roles.”
However, some cyber security experts believe the skills shortage is a “myth”. They argue that there are plenty of people with the skills to work in the field, but because we treat cyber security as a standalone discipline, rather than placing it under the much wider umbrella of IT, many people don’t consider it a career they are equipped to pursue.
Some organisations have begun to address this. A 2017 survey by (ISC)² found that hiring managers were exploring new recruitment strategies and attempting to entice previously unqualified people.
The report states: “Individuals with non-technical previous careers often rise to become key decision makers in their organizations: globally, 33% of executives and C-Suite professionals began in a previous non-technical career.”
It adds: “It will be important, if not essential, to consider the relevant educational foundations, training and professional development opportunities that support the breadth of people with potential to enter the field in order to fill the worker shortage.”
If you’re interested in a career in cyber security, you’ll need to demonstrate your knowledge by way of professional qualifications. Cyber security is a complex, multidisciplinary field and has careers to suit any number of skills, so it’s worth taking some time to research which specialties are right for you.
For example, if you’re interested in the way you can use hacking skills for good, you might want to enrol on our Certified Ethical Hacker (CEH) Training Course. An ethical hacker is someone that an organisation hires to look for vulnerabilities in its systems or applications, allowing it to address problems before they are exploited.
The Certified Ethical Hacker (CEH) certification is globally recognised as the vendor-neutral qualification of choice for developing a senior career in penetration testing and digital forensics. Our course is led by an information security consultant with over ten years’ experience.
You might also be interested in our Managing Cyber Security Risk Training Course. This three-day course helps practitioners formulate plans and strategies for improving cyber risk management in their organisations. It draws on real-life case studies and provides insights that will enable you to create a blueprint for a plan that includes the implementation of technical measures and accounts for the people, processes, governance, leadership and culture in your organisation.