The UK’s ‘chronic shortage of cyber professionals’ is putting the country at risk

A shortage of cybersecurity specialists is leaving the UK at serious risk of attacks unless urgent action is taken to plug critical gaps.

That's according to a researcher at De Montfort University, who wrote a paper for the All-Party Parliamentary Group (APPG) on Cyber Innovation with a to-do list to help fill the country's long-running skills gap.

The paper called on the government to focus on clearly identifying the necessary skills in order to ensure would-be security staff get the right training.

Dr Ismini Vasileiou, an Associate Professor at De Montfort University Leicester and director of the East Midlands Cyber Security Cluster (EMCSC), warned that a shortage of security professionals poses huge risks to the UK.

Indeed, a report from Fortinet suggests as many as 80% of data breaches are caused by lackluster capabilities on this front.

"Recent arrests in relation to cyber-attacks on M&S and Co-op show the real and growing threat faced by UK citizens and businesses," she said in a statement. "What doesn’t make the headlines is the UK’s chronic shortage of cyber professionals."

"This is emerging as a critical situation for SMEs, which are the backbone of the UK economy but which are increasingly exposed as they race to meet modern digital expectations and standards," Vasileiou added.

The cybersecurity sector faces huge challenges

Part of the problem, the report noted, is "misaligned supply and demand", with universities and training networks producing thousands of graduates annually, but employers still reporting shortages.

"The disconnect lies in the types of skills being taught versus those needed—particularly at mid-level and specialist tiers," the report noted.

The paper also highlighted the difficulty of joining the industry at graduate level, calling for more apprenticeships to help develop applicable skills for aspiring security professionals.

"Entry-level pathways are limited and confusing, with job adverts frequently demanding years of experience," the report noted.

All of that is exacerbated by disruption in the industry from automation and AI, according to Vasileiou. AI solutions aren’t just being used by professionals operating in the sector, but by threat actors to fine-tune capabilities and accelerate attacks.

While learning AI fundamentals is key, merely gaining technical skills in such technologies isn't sufficient, the report warned.

"AI is not just a technical problem — it is a socio-technical issue requiring interdisciplinary thinking," the paper added.

"There’s currently a mismatch between Government industrial ambition and educational reality," she added. "We won’t secure a 21st Century digital economy with a 20th Century skills pipeline."

Five steps to close the skills gap

To address this confluence of issues, Vasileiou’s paper outlined five key steps to improve the cybersecurity training situation across the country.

This includes calls for the Department for Science, Innovation and Technology (DSIT) to set up a taskforce to create a cyber skills ‘taxonomy’.

The report noted this will define roles, career pathways, and skill levels, helping to ensure we know what training is needed and what jobs it will lead to. The next step is to set up a national delivery body to govern that taxonomy.

Beyond that, Vasileiou called for employer incentives — such as grants or best-practice endorsements — to encourage the adoption of standardization in security recruitment with regard to skills.

"This will help shift recruitment away from outdated proxies (e.g. certifications alone) toward clear, inclusive role definitions," the report added.

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

• Cybersecurity certification vs degree: Which is best for your career?
• A guide to cyber security certification and training
• Check out our top picks for online cybersecurity training courses