The Big Cyber Security Skills Gap

<< Back to Blogs

When looking for savings in any organisation, it is often the ‘nice to have’ departments that are the first to be hit. This means that areas such as IT and Marketing are overlooked and frequently seen as unessential in terms of business operation. We understand how this common misconception could mean that businesses across the UK are left with small, inadequate or even non-existent teams to manage the ever-growing world of cyber threats, but is there any member of staff who could take on the challenge? 

The UK’s shortage of skilled cyber security professionals, highlighted in a recent government report stated that “a high proportion of UK businesses continue to lack staff with the technical skills, incident response skills and governance skills needed to manage their cyber security.” The report – published by the Department for Science, Innovation and Technology – found that half of all UK businesses employ people in cyber security roles who lack appropriate skills.

According to the report, there were 160,035 cyber security job postings in the last year, an increase of 30% on the previous year. Employers reported that more than a third (37%) of these vacancies were hard-to-fill. Overall, the report estimated that the UK has a shortfall of 11,200 people to meet the demand of the cyber workforce.

When any area of an organisation is not prioritised -and where training and skills are at dangerously low levels – well, threats are able to access a company’s data more easily, hackers will target these types of organisations and big data leaks happen all too easily. So just why isn’t cybersecurity and training taken more seriously I hear you ask? The saying ‘if it isn’t broken, don’t fix it’ comes to mind, do we all have the mentality where if we haven’t yet been impacted by a cyber attack then we too won’t prioritise its seriousness?

The truth is that hackers from across the globe are developing their techniques and technologies at a rapid rate. We now know that cyber warfare is expanding and that its powers threaten to  bring down economies faster than ever. We too must now look at how we can increase our cyber defence capabilities to help protect our national security, our economy and infrastructure in the UK. 

Cyber security skills may not be at the top of an organisation’s priorities until they are hit by cyber attacks, but by making them a priority for the future, we can all benefit. We have a number of ways in which we can improve our security. From skills training and awareness, to the implementation of managed security – where you hand all of the responsibilities over to a trusted company and your cybersecurity is managed 24/7.

With managed security, you will get continuous monitoring of your security environment and a proactive response to potential threats to help to prevent security breaches and reduce the risk of damage to business. Another great way at handling a skills shortage in an organisation is user awareness training. This is an educational process that helps increase employees’ understanding of data security policies, procedures, and best practices. It enables users to recognise common threats and attacks with the goal to reduce human error.

It is a common misconception that hackers are not targeting smaller companies and focusing on enterprise level organisations. Hackers know the limitations of smaller businesses when it comes to security posture, and therefore work in a ‘power by numbers’ system. Lower rewards but far greater targets to hit. Some cybersecurity staff can also struggle to engage senior leadership with cybersecurity and for others, the issue is that senior leadership acknowledged the importance of cyber security but did not necessarily prioritise it as much as they would have liked. A lack of resources can also be a constraint. 


The latest Government report has made a number of recommendations, all which lead to a better focus on staff training, awareness and the involvement of cyber businesses with schools and colleges (to help lead the next generation). A shift towards better cyber health across the UK must be made through education and development of staff, but also by outsourcing the jobs that we simply do not have the capability of carrying out. 

For more information on how we protect small businesses, please click here.

Alternatively, you can find out all about our managed services and the options we have here. 

Department for Science, Innovation and Technology and Viscount Camrose.
Cyber security skills in the UK labour market 2023. Click here to view the report.