A global survey of almost 20,000 security professionals across banks, governments and multinationals concludes that Britain is facing a cyber-security skills “cliff edge” and that companies are “chronically” underprepared for attacks.
The survey, conducted by (ISC)² – a non-profit organisation that aims to educate people about the risks of being online – shows that the UK workforce is getting older which is exacerbating an already gaping cyber-security skills rift.
Only 12 per cent of the workforce is under the age of 35 and 53 per cent is over the age of 45, the study finds.
A mere 6 per cent of UK companies are recruiting graduates who would have the potential to plug the gap, and 66 per cent already face a cyber-security skills squeeze due to being unable to find qualified personnel.
The data also suggest that employers are largely refusing to hire and train inexperienced recruits. A whopping 93 per cent of UK companies that responded to the survey said that previous cyber-security experience is an important factor in their hiring decisions.
The findings indicate that the skills deficit is already having an effect on British businesses.
Close to half of the UK companies questioned said that the shortfall of cyber-security personnel is having a significant impact on their customers. A similar proportion said that it is already causing security breaches.
“Industry is experiencing a talent shortfall because employers are too focused on recruiting people with existing cyber-security experience,” said Lucy Chaplin, a manager within KPMG’s financial services technology risk consulting group, commenting on the survey.
“[It] is like complaining that there’s a shortage of pilots but refusing to hire anyone who is not already an experienced pilot.”
Rob Partridge, head of BT’s Security Academy, said that “the findings confirm that graduates are being overlooked for cyber-security roles and it is now an economic and security imperative that we change this trend”.
Tuesday’s survey follows a string of similar warnings and a slew of high-profile cyber-attacks that have cost companies both in terms of money and reputation.
Last month, a survey by job site Indeed showed that the chasm between supply and demand for cyber-security expertise is widening at an alarming rate.
The number of cyber-security roles advertised in the UK was the third highest globally, that survey found. As a result, employer demand exceeded candidate interest by more than three times, according to Indeed, resulting in the biggest skills gap of any country in the world, bar Israel.
Lloyds Banking Group said in January that it was working with law enforcement agencies to identify who was behind a cyber-attack that caused its personal banking website to suffer temporary outages earlier in the year.
Join our new commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies