The rapid pace of change in the digital world is creating a significant gap in talent and skills.
Generative AI, for example, has captured the imagination of consumers and fuelled discussion among businesses and policymakers. Within just a few months of the launch of the most popular generative AI tools, one in four people in the UK had already tried out the technology.
It's exciting that we can see value being created across industries and society. Organizations are using AI tools to support important efforts, for example, to cut carbon, enable clinicians to maximize the time they spend on patient care and even to respond to humanitarian crises.
The explosion of such technology should – and must – be the catalyst for cyber talent growth too, capitalizing on the tech sector growth in the UK.
A Widening Skills Gap
In the cybersecurity industry we are being asked to support the protection of value as these emerging technologies and approaches are deployed. From protecting against data leakage or data poisoning of the underlying data models being used, to novel approaches to DevSecOps when the code is written by generative AI.
Many business leaders have cited a technical talent shortage as the single biggest barrier to the adoption of AI. That doesn’t even get into the talent shortage of those that can understand how to help organizations be confident that their value is protected when making most of the AI opportunity.
These skills gaps are widening during a time when the UK cyber talent pool is running thin. Currently the UK struggles with a cyber skills shortage, with an estimated shortfall of 11,200 people to meet the demand of the cyber workforce, as highlighted by recent government research.
It also reported that 50% of all UK businesses have a basic cybersecurity skills gap, while 33% have an advanced cybersecurity skills gap (these figures are similar to 2022 and 2021). It appears that this situation is likely to further exacerbate in the coming years unless steps are taken to address these challenges.
Navigating the Skills Shortage
To collectively resolve the cybersecurity talent shortage, it can be helpful to understand why it exists in the first place.
Firstly, there’s a lack of awareness about the industry itself. As cyber threats have evolved so, too, has cybersecurity – and, as a result, the awareness level around what the profession entails varies greatly.
Many senior leaders, for instance, still believe cybersecurity is primarily a highly technical profession and aren’t aware that it can also include many non-technical roles.
Secondly, for many organizations, running an effective cybersecurity program is seen as ticking a compliance box that can act as a blocker to innovation. It shouldn’t be this way. We know there are significant commercial reasons and opportunities behind investing in cyber security and cyber talent.
There is also a gender inequality issue. Like many Science, Technology, Engineering, and Math (STEM) workforces, cybersecurity is predominantly male, resulting in a self-perpetuating gender gap. Many women drop out of STEM programs before ever entering the job market, due to the gender imbalance in the field.
Paving a Way Forward
To help close the skills gap and deepen the cybersecurity talent pool, one thing organizations can focus on is recruiting people from diverse disciplinary backgrounds.
Successful cybersecurity teams are strengthened by a varied mix of skills so it makes sense to broaden recruitment efforts.
As part of a firm that’s committed to supporting good business that shapes society in a positive way, we have a duty to keep AI safety and security at the top of the agenda and lend our skills to the industries we can help to strengthen and grow.
One program which is helping to accelerate efforts in attracting the next generation of potential recruits is CyberFirst, an exemplar initiative by the National Cyber Security Centre (NCSC). CyberFirst is inspiring and enabling young people to explore their love of tech by introducing them to the world of cybersecurity, and the exciting career opportunities that come with it.
Having been selected to be a CyberFirst Partner for 2023/24 in recognition of our support across the full range of CyberFirst activities, Deloitte is looking forward to continuing to work closely with the NCSC and sitting on the CyberFirst Industry Advisory Board.
One such activity which Deloitte supported and hosted last year was the regional final of the 2023 CyberFirst Girls Competition in London.
The competition, which had over 8,700 girls from the ages of 12-13 take part, featured challenging cyber-related puzzles and activities, aiming to inspire and raise awareness about careers in the industry and address the gender imbalance in the cyber industry.
The competition also included presentations on topics like ethics in AI and encouragement from industry professionals, highlighting a shared objective in fostering a diverse and skilled future cyber workforce. It was an incredible opportunity to see amazing talent on display, hear the vibrant energy and sense the future potential of these finalists.
These initiatives reflect a commitment to using cyber for good, focusing not only on addressing current industry challenges but also on building a robust and diverse talent pipeline for the future of the sector in the UK.
By bringing our expertise and knowledge of the cyber market, we’re hoping to play a key role in collaborating across industry and academia and inspire a next generation of cyber talent.