The cybersecurity industry in the UK is booming. According to the latest Cyber Sector Report, published by the Department for Culture Media and Sport (DCMS), the sector rallied in 2021, generating a revenue of £10 billion. This represents a 14% year-on-year increase. The same report revealed that the industry also contributed £5.3 billion to the UK economy in 2012, up from £4 billion in 2020. With sophisticated cyber threats always on the increase, along with the prevalence of bad actors, the government is committed to investing in cybersecurity. Digital Secretary, Nadine Dorries, praised the efforts made by UK cyber firms to keep our IT environments safe and secure and said:

“Hundreds of British firms from Edinburgh to Bristol are developing and selling cutting-edge cyber tools around the world that make it safer for people to live and work online.”

That said, one of the biggest challenges facing the sector is a marked shortage of cyber skills.


The Cybersecurity Skills in the UK Labour Market 2022 report, published in May this year by the DCMS, claims that an unacceptably high proportion of UK businesses lack employees with technical, incident response, and governance skills to manage their cybersecurity and be compliant with the government-endorsed Cyber Essentials scheme. The DCMS estimates that

  • 697,000 (51%) of UK businesses have a basic cyber skills gap and are unable to effectively set up firewalls, store and transfer data, or detect and remove malicious malware.
  • 451,000 (33%) businesses have advanced cyber skills gaps relating to forensic analysis of cyber threats and security architecture.
  • 37% of businesses, an increase of 5% compared to 2020, possess an internal skills gap pertaining to incident response and recovery, and business continuity. Many of these don’t have the resources to outsource this critical aspect of cybersecurity.

An alarming fact is that excluding the cyber and IT industries, 85% of individuals in cybersecurity roles have transitioned from non-cyber roles.


The cyber industry is also experiencing massive technical skills gaps. 47% of companies cited a shortfall of skills in incident management, investigation and digital forensics. And while some may have cybersecurity expertise, 41% of cyber firms have experienced a complementary skills gap in the last 12 months. Existing employees, on-boarders, and job applicants alike lack communication, management, sales or marketing skills, and also struggle with technical report writing. From a global perspective, the cybersecurity sector was short of 2.7 million skilled workers in 2021, an improvement over the 3.1 million in 2020. The current shortfall in Europe is 199,000 with the UK’s contribution standing at 33,000. Clar Rosso, the CEO of the International Information System Security Certification Consortium (ISC)², explained the seriousness of this situation and said:

“The global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets.”

Like doctors, nurses and teachers, the role of cybersecurity professionals should be considered essential, as more than ever, our physical and mental wellbeing are reliant on the digital world. As Sandra Wheatley Smerdon, a Senior VP at the American cybersecurity firm, Fortinet, said:

“These people devote their lives to helping to keep the world safe and healthy. And although a career in cybersecurity might not be the first job to come to mind, cybersecurity professionals protect the digital world from cybercrime much the same way that police officers protect neighbourhoods.”

At the moment, the sector is shrinking while cybercrime continues to be an ever-increasing thorn in the side for all businesses.


Some like to politicise the issue and blame Brexit for the cyber skills gap with the loss of 130,000 skilled workers in a year. Nevertheless, there are many other factors that come into play. These include:

  • training staff in specific products rather than specific security frameworks and consequently employees don’t get the transferrable skills that they need
  • inadequate investment in technology such as artificial intelligence, automation and analytics that would speed up security processes
  • competition within the cyber sector
  • lack of candidates with the necessary cybersecurity skills
  • high salary demands
  • lack of financial resources


Education and training are at the core of the solution. Employees need to train new staff or upskill existing employees. Plus, the training providers must provide programmes that meet the standards of Cyber Essentials and beyond. Apprenticeships are an easy route to bolster the cyber skills within your business. Apprenticeships typically cover a range of technical skills and knowledge, employers are directly involved in the training process, and this means that businesses can also build their own in-house cyber expertise. Better still, apprenticeships are available, including funding, in cyber risk management, cyber security and security analysis. Rosso reflected on her company’s 2021 (ISC)2 Cybersecurity Workforce Study and said:

“Any increase in the global supply of cybersecurity professionals is encouraging, but let’s be realistic about what we still need and the urgency of the task before us. The study tells us where talent is needed most and that traditional hiring practices are insufficient. We must put people before technology, invest in their development and embrace remote work as an opportunity. And perhaps most importantly, organizations must adopt meaningful diversity, equity and inclusion practices to meet employee expectations and close the gap.”


With over 20 years in the business of professional IT support, specialising in cybersecurity, I can help you solve any cyber skills shortage issues you may have. I am an advocate of ongoing IT education and training. As such, I agree with Clar Rosso that much more needs to be done to narrow the cyber skills gap and keep us all safe online. Call me today and let’s tackle and irradicate your cyber skills deficit together.

Leave a comment