Every year the number of cyber attacks increase, as a result, the damage caused is becoming harder to counteract. According to Verizon’s Data Breach Investigations Report, 89% of all cyber-attacks involve financial or espionage motivations, making the ramifications of the cyber attacks even more destructive.
Cybercrime has become a growth industry, with hackers constantly trying to breach networks through the use of malware, social engineering, brute force password attacks. What was once a question of ‘if’ you were going to fall victim of an attack, is now a question of ‘when’.
Why now are we at a higher risk than ever of falling victim to a cyber attack? The answer, the cyber skills gap.
What is the cyber skills gap?
In recent years the demand for IT cyber security specialists has risen dramatically, at more than 13% per year. However, the UK, along with many other countries, is experiencing a shortage in the number of professionals with the existing skill set to fulfil the demand, and with “the current pipeline of graduates and practitioners would not meet growing demand”. This isn't just an issue facing cyber job roles, but in fact the entire british digital economy.
Stephanie Daman, CEO of Cyber Security Challenge UK which runs online competitions to help discover new cyber security talent believes that “we're at a point where the lack of cyber-security skills is really starting to impact businesses – it costs the UK billions of pounds each year, and has become one of the government's tier-one priorities to address.”
The rise of the cyber skills gap
With many organisations struggling to overcome the cyber skills gap, there is now a widespread consensus in the cyber-community that the skills shortage is worsening, and there are plenty of statistics to back that up.
A survey conducted by Intel Security revealed that 82% of businesses, worldwide reported a shortage of cyber security skills in their organisation in 2015, with 71% of respondents believing their organisation is at a far greater risk of falling victim to cyber criminals due to their lack of cyber specialists.
Michael Brown, CEO of Symantec commented that “the demand for the (cyber security) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million”. This is a problem that is having a huge impact on organisations across the world, affecting both their bottom-line and also their reputations.
With the increase in cyber attacks and the huge demand for cyber skills, why are people not jumping at the chance to become skilled in cyber technologies?
We have identified three areas that are having a negative impact on the future of cyber security in the UK:
A large number of Universities and Colleges are failing to update their syllabus to include hot topics such as cyber security.
Research suggests that this is not just an issue that is faced in the UK but also on a global scale - only a handful institutions run courses on subjects surrounding cyber security worldwide.
With the low supply and high demand for cyber security professionals, the cyber-related job roles have seen a huge ramp-up in salaries - cyber security positions pay almost 10% more than any other IT jobs. Need proof? Take a look at Cybrary’s ‘Cyber security job trends’ survey results and see for yourself.
Leadership priorities elsewhere
Not only are cyber skills failing to be acknowledged in universities and colleges, but also in the workplace.
A recent Spiceworks survey shows only 73% of technical leadership prioritises security. Other positions in the C-suite don’t see it as a priority - about half of IT professionals say security is a priority for their CEO and CTO, and less than half say their CFO, COO, or CMO prioritises their organisation's security.
With leadership failing to see the value in cyber security it comes as no surprise that only a mere 29% of organisations have a security expert in their IT department, and only 7% have one on the executive team. However, the Spiceworks report did reveal that 23% of organisations contract outside security experts to help protect their environments and to help bridge the gap.
Lack of government investment
Governments are not investing enough in cyber security. Seventy-six percent of respondents say their governments are not investing enough in programmes to help cultivate cyber security talent and believe that the laws and regulations for cyber security in their country are inadequate.
Not only is there a lack of government investment, but IRM CEO, Charles White, believes that the onerous security checks imposed by the governments and their inability to introduce more appropriate procedures have been a major factor in the lack of cyber skills growth in the UK.
The government has recently accepted its central role in solving the skills gap, through the creation of a five-year, £860 million 'UK Cyber Security Strategy', focusing on developing fresh talent through cyber security education and training in order to bridge the skills gap.
The future of cyber
With the advancements in technology today, it is now being predicted that World War 3 will be fought in cyberspace and not on a battlefield. Don’t let your organisation become a victim, get in touch and discover how QA Consulting can help you detect, deter and defend against potential threats.