UK Businesses Must Use the Apprenticeship Levy to Boost Cybersecurity Skills

Written by

Despite the majority of senior managers citing cybersecurity as a high priority, only 10% of UK firms have an incident management plan. What’s more, only 29% of firms surveyed in last year’s Cybersecurity Breaches Survey have formal written cybersecurity policies.

Even organizations that recognize the need for better cybersecurity are struggling. The UK’s cyber skills shortage (second only to Israel) curbs businesses and restricts them from hiring the professionals they need. Yet this could change when the Apprenticeship Levy arrives in April, potentially introducing thousands of skilled cybersecurity professionals into the work force.

What is the Apprenticeship Levy?

The Apprenticeship Levy will revolutionize the way organizations hire and train cybersecurity professionals. When the Levy is introduced on April 6 2017, all employers operating in the UK with an annual pay bill over £3 million will be required to invest in apprenticeships.

If your annual pay bill is over £3 million, 0.5% of this sum must be paid monthly into your digital services account (launching in February). The government will also provide a 10% ‘top-up’ to the funds you contribute to the Levy, so for every £1 you put in; you’ll get £1.10 to spend on apprenticeships.

However if you don’t spend this cash it will be permanently lost - Levy funds will expire 24 months after they enter your digital services account.

Employers with an annual pay bill of under £3 million will not pay the Levy, but will be similarly incentivised as when the new funding system begins in May 2017, these businesses will only need to pay 10% of the total cost towards hiring an apprentice. The remaining 90% will be paid by Government.

Levy-paying employers will be able to register for their Digital Apprenticeship Service account in February.

What can businesses do right now?

Businesses - whether they pay the Levy or not - should use this opportunity to hire and train cybersecurity professionals through the government’s new standards. This is a critical opportunity to bring in IT security skills.

Currently, two IT security apprenticeship standards are ready for delivery: Level 4 Cybersecurity Technologist and Level 4 Cyber Intrusion Analyst. These two-year apprenticeships are based on standards developed by IT industry leaders. They’re specifically designed to create professionals who can fill the cybersecurity-sized holes left by the skills gap.

These cybersecurity standards provide a roadmap for the apprenticeship, determining what skills and knowledge they’ll get during their programme.

On top of this, these apprenticeships include industry-recognized training from vendors like EC-Council, (ISC)2 and ISACA. However, the range and quality of training varies from apprenticeship providers, so make sure to do your research.

It’s worth noting that you can also use your Levy funds to put existing employees on cyber-apprenticeships, boosting your cybersecurity skills without recruitment.

The Apprenticeship Levy might be months away but to hire in April, UK businesses must start planning now. Because whilst most apprenticeship providers will control recruitment for you, it can still take months to find your ideal candidate. The sooner you finalize your Levy plans, the sooner you can hire new security professionals at little-to-no cost.

Prepare to secure your business 

Only by embracing new initiatives, like the Apprenticeship Levy, can UK firms hope to overcome the cybersecurity skills shortage. Businesses must use their Levy to build cybersecurity skills by hiring apprentices and training current staff.

New complex threats, like IoT expansion and other huge security risks, are set to dominate 2017 so the sooner organizations can boost cybersecurity skills, the better prepared they’ll be to resist costly data breaches.

The introduction of the Levy could potentially close the cyber skills gap. With thousands more cybersecurity professionals in the workforce, every business will be better protected.

What’s hot on Infosecurity Magazine?