The national cyber skills gap persists despite years of government-backed initiatives, as latest figures show that more than half (51%) of all private sector businesses in the UK have identified a shortage of basic technical cybersecurity skills.
An estimated 697,000 businesses in the UK have low confidence in carrying out basic tasks like setting up automatic software updates and securely transferring personal data, for example, according to a national cyber skills survey conducted by the Department for Media, Culture and Sport and Ipsos published yesterday (3 May). These figures are “in line” with previous annual studies of the UK’s cyber labour market, the report said.
Those polled were asked to report how confident they would be to carry out specific cybersecurity tasks covered by the government-backed Cyber Essentials accreditation scheme, which has been running since 2014. The report considers those who are not very confident or not at all confident undertaking these tasks to have a skills gap.
The areas with the most striking skill gaps are in setting up configured firewalls, storing or transferring personal data, detecting and removing malware, as well as restricting software that runs on business-owned devices. Over a third of businesses surveyed indicated low confidence in firewall configuration and malware detection, while 29% also expressed low confidence with personal data security. These specific tasks have topped the list of skill areas that organisations have low confidence with and remain unchanged from previous studies conducted by the DCMS, the report said.
Across these areas based on type of organisation, charities continue to display a striking lack of confidence in performing basic cybersecurity tasks, compared to large businesses and the public sector. A third of charities surveyed expressed low confidence in setting up configured firewalls and storing or transferring personal data securely.
According to the report, information and communications businesses are among the least likely to indicate basic skills gaps, while these skills deficiencies are more pronounced in the hospitality and construction and food sectors. Tech Monitor recently reported on a data breach at UK food production firm Greencore, which could leave the company facing legal action from staff whose personal information was compromised.
The report also noted that there was no “clear upwards or downwards” trend in the past four DCMS surveys, and that the latest figures have “fluctuated”. It also suggested that these figures remain largely unchanged from the first 2018 study, and that there was an “ongoing need for basic cybersecurity advice and guidance to organisations outside the cyber sector.”
Part of the reason for this stagnation could be down to UK businesses simply being unaware of government initiatives to improve basic cybersecurity practices. Only 16% of businesses in the UK had heard of the Cyber Essentials scheme in which companies can conduct self-assessments to understand the cybersecurity of their assets, while only a third have heard of the Cyber Aware email security programme. The schemes have been operating since 2014 and 2020 respectively.
This apparent lack of awareness among UK businesses has meant that the take-up for such schemes has remained strikingly low - just 6% of organisations had undertaken the Cyber Essentials certification process, while this figure was even lower (1%) for the Cyber Essentials Plus scheme, according to the government’s latest Cyber Security Breaches survey.