UK firms are approaching a cybersecurity skills “cliff edge” thanks to a failure to recruit younger professionals combined with older practitioners retiring, according to industry non-profit (ISC)².
The certifications body commissioned the Center for Cyber Safety and Education to poll 19,000 security professionals worldwide as part of its eighth Global Information Security Workforce Study (GISWS).
Two-thirds of UK companies have too few cybersecurity personnel, with 47% claiming the reason is a dearth of qualified applicants.
But many organizations seem to be shooting themselves in the foot by refusing to hire and train inexperienced recruits. Some 93% said previous cybersecurity experience is an “important factor” in hiring, and just 6% said they recruit university graduates.
Partly as a result, only 12% of the cybersecurity workforce is under age 35, while over half (53%) is over 45, which could cause huge problems for the industry when these professionals retire, (ISC)² argued.
“A continuing industry refusal to hire people without previous experience, and a failure to hire university graduates means Britain is approaching a security skills ‘cliff edge’ due to the perfect storm of an ageing cyber workforce going into retirement and long-term failure to recruit from the younger generation,” argued (ISC)² managing director, Adrian Davis.
“We need to see more emphasis on recruiting millennials and on training talent in-house rather than companies expecting to buy it off-the-shelf. There is a need to nurture the talent that is already in this country and recruit from the fresh pool of talent that is graduating from university.”
Skills shortages are already having a major negative impact on UK organizations.
Nearly half (46%) said the shortage is impacting customers, and a similar number claimed it is actually causing breaches.
What’s more, it could affect their ability to comply with the GDPR, which will mandate a 72-hour breach notification window. Nearly a quarter (22%) of UK respondents said it will take over eight days to remediate systems if they are breached.
For those looking to a career in the industry, salaries remain high. Three-quarters (74%) of UK professionals earn over £47,000 per year and 39% over £87,000.