The UK government recently published an in-depth report exploring the state of the cyber security skills market. The report highlights important trends that have implications for organisations across the UK. Here’s an overview of the key findings and what they mean for your organisation’s cyber security.
High Demand for Cyber Security Professionals Continues
The report found that demand for cyber security roles continues to grow rapidly. Job vacancies for core cyber security roles rose by 33% in 2022. There are signs demand may be slowing slightly, but it remains high historically.
For organisations, this competitive jobs market makes recruiting and retaining skilled cyber security staff more difficult. With cyber attacks on the rise globally, it’s essential your organisation has the expertise in place to protect itself. Be prepared to invest time in sourcing suitable candidates and make your company an attractive proposition through competitive salaries and benefits.
Remote Working Opens Up the Talent Pool
Remote and hybrid working is now common in cyber security roles, with 28% of vacancies specifying no fixed location. This trend expands your potential talent pool as candidates no longer need to be based near your offices.
To benefit, highlight remote working options in job ads and be open to applicants further afield who have the right skills. Also ensure your infrastructure supports remote security work. Remote working can aid diversity too by enabling you to draw candidates from a wider range of backgrounds.
Developing Staff a Double-Edged Sword
The report highlighted that training staff and enabling them to gain qualifications can be a “double-edged sword.” While essential for attraction and retention, it also makes them more marketable. Some organisations find staff leave after receiving training.
Balance is key. Don’t neglect development, as skilled staff will go elsewhere. But have long-term contracts or incentives to encourage trained staff to stay. Also use training budgets strategically. Identify non-portable skills specific to your company infrastructure to prioritise.
Incident Response an Increasing Concern
41% of businesses surveyed felt they lacked the skills to respond effectively to a cyber attack. This is up from 27% in 2020, indicating a trend.
Incident response is complex. Given attacks are becoming more sophisticated, validate your incident response plan and procedures. Use simulations to practice response. Consider whether outsourcing aspects of incident response would benefit your organisation.
Develop Clear Career Pathways
The report highlighted the cyber security profession’s lack of defined career pathways. For larger organisations, it’s beneficial to develop cyber security career frameworks, outlining possible job roles and progressions.
This aids recruiting by showing clear advancement opportunities. It also helps you identify and address skills gaps in your current team. The government’s Cyber Security Career Route Map can inform your framework.
Focus on Widening the Talent Pool
With high demand, tapping into under-represented talent pools in cyber security is key. But the report found diversity remains an issue, especially at senior levels. Just 17% of the cyber workforce are female, for example.
Review where your organisation may unintentionally exclude groups. For instance, do job ads use biased language? Are interviews accommodating for neurodiverse candidates? Consider outreach initiatives targeting under-represented groups. Working with schools, colleges and universities can help build a diverse pipeline.
The government report provides valuable data for organisations. Keeping up with cyber security skills demands is challenging but essential. Analyse where your organisation can develop in terms of recruiting, retention and skills development. Partnering with government, education and the cyber security industry will also help address the UK’s cyber skills gap.