The recently published UK Government’s Cyber Security Skills in the UK Labour Market 2023 report offers a startling statistic: half of all UK businesses suffer from a basic cybersecurity skills gap. There has been minimal progress in resolving this issue, with the 2022 report citing that 51% of companies lacked these rudimentary abilities.
Simultaneously, Australia grapples with similar challenges. The country continues to experience a skills shortage in the cybersecurity sector, threatening the robustness of their digital infrastructure. Both countries acknowledge the considerable deficit of professionals needed to meet the burgeoning demand in cybersecurity. The UK report cites a shortage of approximately 11,200 cyber workforce individuals, an improvement from 14,100 the previous year.
Notably, Brian Higgins of Comparitech.com emphasised that the high cost and time-intensiveness of certifications like CISMP and CISSP contribute significantly to this stagnation, erecting socio-economic barriers to entry for prospective cybersecurity professionals.
Australia’s Cybersecurity Initiatives
In Australia, the situation is no less urgent. The 2023 Australian Cyber Security Growth Network’s (AustCyber) report pointed out a similar skill gap. To address this, the Australian Government’s Department of Home Affairs has outlined several initiatives under the Cyber Security Strategy 2023 -2030.
Minister for Cyber Security, the Hon. Clare O’Neil MP, announced the development of the 2023-2030 Australian Cyber Security Strategy (the Strategy), in December 2022, However many industry experts believe that the pace is slow and the tangible benefits of the program are yet to be felt in the business market.
Reflecting on these issues, Europe has taken several measures to cultivate the cyber skills ecosystem. Various European governments have implemented initiatives to encourage more individuals to take up cybersecurity professions, recognizing the vital need for these skills in a digitalizing world.
Javvad Malik of KnowBe4 underlined the need for companies to invest in creating inclusive, nurturing environments to attract and retain employees. These efforts would benefit not only newcomers but also traditionally underrepresented groups in the industry.
However, the issue of diversity in the sector remains a concern. In the UK, only 17% of the cyber workforce comprises females, and merely 14% of senior roles are held by women. Lisa Ventura, a diversity advocate, argued that the industry needs to make women feel more welcome and mitigate instances of abuse and bullying.
In the UK, Amanda Finch, CEO of The Chartered Institute of Information Security (CIISec), claimed: “There’s no shortage of talent – the issue is locating and correctly supporting it. If the industry doesn’t act on this, then others will, and we may see that talent go elsewhere – potentially even to the bad guys. Security must act quickly and resolutely to ensure this isn’t the case, and instead help the industry reach its full potential.”
Amanda Finch, CEO of The Chartered Institute of Information Security (CIISec)
CIISec offers the UK’s first and only Extended Project Qualification (EPQ) in cybersecurity, giving students from age 14 and up the best possible opportunity to kick-start their cybersecurity career.
Lessons from Europe: Germany and Switzerland Lead the Way
In the European Union, several countries have taken a lead in devising innovative approaches to overcome the cybersecurity skills shortage. In Germany, for example, the Federal Government has implemented the National Initiative for Information and Internet Security (NIIIS). The initiative aims to enhance Germany’s cybersecurity capabilities through public awareness, professional education, and advanced training programs.
Germany's Federal Commissioner for Data Protection and Freedom of Information, Ulrich Kelber, emphasised the need for collaboration, saying, "We are partnering with educational institutions, industry bodies, and federal states to promote cybersecurity education and professional development."
Meanwhile, Switzerland has been focusing on vocational training to address the skills gap. The Swiss Federal Council has introduced a Federal Diploma in Cybersecurity, a four-year vocational course providing a practical and academic grounding in the subject. The Federal Department of Defence, Civil Protection and Sports has also launched the National Centre for Cybersecurity as a part of its National Strategy for Switzerland’s Protection Against Cyber Risks.
Switzerland's Federal Data Protection and Information Commissioner, Adrian Lobsiger, underscored the importance of the government's commitment, stating, "These initiatives are not just about filling current job vacancies; they represent our long-term strategy for creating a robust digital society."
However, Jamie Akhtar, CEO of London based Cyber security company, CyberSmart warned that the persistent security skills gap is not the only concern; there are "undercurrents" that need to be addressed, such as a lack of confidence in incident response, an area that seems to be trending upwards in the importance.
As part of its £2.6 billion National Cyber Strategy, the UK government is striving to increase the diversity and number of skilled cybersecurity professionals. Other European nations have similarly introduced national cybersecurity strategies, underlining the importance of fostering a strong cyber ecosystem.
This comprehensive approach must also ensure the removal of socio-economic barriers to entry, making the industry more accessible. By implementing a variety of strategies – such as scholarship programs, vocational training, diversity initiatives, and public-private partnerships – these regions can cultivate a robust, diverse pool of cybersecurity talent prepared to safeguard our increasingly digital world.
