Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

UK Cybersecurity Skills Crisis Heads Towards the Cliff Edge

UK firms are approaching a cybersecurity skills “cliff edge” thanks to a failure to recruit younger professionals combined with older practitioners retiring, according to industry non-profit (ISC)².

The certifications body commissioned the Center for Cyber Safety and Education to poll 19,000 security professionals worldwide as part of its eighth Global Information Security Workforce Study (GISWS).

Two-thirds of UK companies have too few cybersecurity personnel, with 47% claiming the reason is a dearth of qualified applicants.

But many organizations seem to be shooting themselves in the foot by refusing to hire and train inexperienced recruits. Some 93% said previous cybersecurity experience is an “important factor” in hiring, and just 6% said they recruit university graduates.

Partly as a result, only 12% of the cyber security workforce is under age 35, while over half (53%) is over 45, which could cause huge problems for the industry when these professionals retire, (ISC)² argued.

“A continuing industry refusal to hire people without previous experience, and a failure to hire university graduates means Britain is approaching a security skills ‘cliff edge’ due to the perfect storm of an ageing cyber workforce going into retirement and long-term failure to recruit from the younger generation,” argued (ISC)² managing director, Adrian Davis.

“We need to see more emphasis on recruiting millennials and on training talent in-house rather than companies expecting to buy it off-the-shelf. There is a need to nurture the talent that is already in this country and recruit from the fresh pool of talent that is graduating from university.”

Skills shortages are already having a major negative impact on UK organizations.

Nearly half (46%) said it’s impacting customers and a similar number claimed it is actually causing breaches.

What’s more, it could affect their ability to comply with the GDPR, which will mandate a 72-hour breach notification window. Nearly a quarter (22%) of UK respondents said it will take over eight days to remediate systems if they are breached.

For those looking to a career in the industry, salaries remain high. Three-quarters (74%) of UK professionals earn over £47,000 per year and 39% over £87,000.

What’s Hot on Infosecurity Magazine?