CYBERSECURITY LEADS THE FIELD
Cybersecurity has become the fastest-growing technology occupation in the UK, according to the Office for National Statistics (ONS), with the number of roles more than doubling since 2020. With a growth of 128%, it now surpasses IT support, which recorded a 42% increase, as well as IT trainers and IT business analysts, architects, and systems designers, each of which saw growth of 33%. However, although the rapid expansion of the cybersecurity profession is a positive development, research highlights a significant shortfall in personnel, with just one security professional for every 86 companies in the UK. Andy Kays, an experienced CEO and CTO, says:
“Cybersecurity may be the fastest growing IT occupation in the UK but the skills shortage in the industry remains a concern. Many businesses simply do not have the specialists they need to defend against cyberattacks.”
He added that a solution to address this skills shortage is through education at the school level:
“To fix this problem at a national level, we need more initiatives like the NCSC-backed Academic Centres of Excellence and ways to reach even younger people so that they can discover technology in schools.”
GOV.UK SPEAKS STATISTICS
According to the “Cyber Security Skills in the UK Labour Market 2024” report, published by the Department for Science, Innovation & Technology, the proportion of UK businesses with basic and advanced technical skills gaps has remained largely unchanged over the past six years. It is estimated that around 637,000 businesses (44%) have a basic skills gap, where employees responsible for cybersecurity lack the confidence to perform fundamental tasks outlined in the government-backed Cyber Essentials scheme and are not using external providers for these tasks. Additionally, approximately 390,000 businesses (27%) face gaps in advanced skills, such as penetration testing, skills that are not outsourced but are considered essential for organisations with more complex cybersecurity requirements.
THE ROLE OF AI
In 2024, an estimated 30% of cyber firms reported experiencing a technical skills gap, a notable decrease from 49% in 2023. Significant declines have been seen across several areas, including security testing (23%, down from 35%), although gaps in cryptography and communication security have risen (24%, up from 12%). Qualitative research revealed that employers and recruiters anticipate that artificial intelligence will significantly reshape the cyber skills landscape, though there is considerable uncertainty about how this will unfold. Four potential developments were identified: increased automation of cyber tasks (potentially resulting in job losses), a growing need for skills to interpret and utilise AI tools, a shift towards roles defined as ‘AI cyber’ rather than simply ‘cyber’, and the emergence of deep specialisms such as ‘cyber security machine learning’.
UK VERSUS THE WORLD
Research brings to the front several challenges businesses encounter when searching for suitable candidates, raising the question: How deep is the talent pool in the UK compared to other countries globally? According to data from Indeed, it is relatively shallow. Hiring platform Indeed reported that the UK has the second-largest skills shortage worldwide, with only Israel experiencing a greater shortfall. In Britain, job seeker interest meets just 32% of employer demand, and this gap continues to widen. Mariano Mamertino, an economist and labour market researcher, says:
“The problem is fast approaching crisis point, and British businesses will inevitably be put at risk if they can’t find the expertise they need to mitigate the threat.”
While the UK faces a particularly severe skills shortage, many other countries are experiencing similar challenges. A global shortfall of around 1.8 million professionals is projected within the next five years. In the UK, a key contributing factor is employers’ reluctance to hire candidates without prior experience. Only 12% of the UK workforce is under the age of 35, while more than half are over 45. Despite the growing demand for skilled professionals, just 6% of British companies are currently recruiting graduates to address these gaps. Lucy Chaplin, a CTO and former manager at KPMG UK, says there is too much focus on existing experience:
“It is like complaining that there’s a shortage of pilots but refusing to hire anyone who is not already an experienced pilot.”
GOVERNMENT RESPONDS TO ADDRESS THE SKILLS GAP
The UK government’s £2.6 billion National Cyber Strategy is focused on increasing both the number and diversity of skilled cyber professionals. To support this, funding is being directed toward regional skills projects across England and Northern Ireland, offering targeted cyber training and helping businesses strengthen their digital defences. Initiatives such as the Cyber Explorers competition aim to engage young people and encourage the development of cyber and tech skills from an early age. In addition, government support for basic digital skills courses ensures that everyone has the opportunity to build essential online safety capabilities. The Cyber Security and Resilience Bill is designed to safeguard critical digital services, modernise infrastructure, and strengthen the security of supply chains. Practical entry routes into the sector, including apprenticeships like the Critical National Infrastructure scheme, provide hands-on experience for those starting their careers in cybersecurity.
INDUSTRY RESPONDS TO ADDRESS THE SKILLS GAP
Investing in comprehensive training programmes, workshops, and certification opportunities is essential for enhancing the skills of both current and aspiring cybersecurity professionals. Mentorship programmes within organisations support knowledge sharing and skill development, while collaboration between the public, private, and educational sectors plays a key role in building a resilient cyber workforce. With the growing importance of artificial intelligence in the field, initiatives are increasingly focused on developing AI-related skills, alongside expertise in emerging technologies such as cloud computing, zero trust architectures, and incident response. Addressing specific skills gaps in areas like digital forensics, cyber threat intelligence, and security testing remains a priority. Efforts to promote diversity in the sector are also crucial, as they bring a broader range of perspectives and capabilities. Encouraging internal talent mobility helps employees transition into cyber roles and grow relevant skills, while managed IT service providers offer an effective solution for businesses seeking specialised expertise. However, despite these initiatives, the demand for qualified cybersecurity professionals continues to exceed the available supply.
WISE WORDS FROM CYBER LONDON
Two Cyber London directors, Raj Rajarajan, Professor of Security Engineering at City St. George’s University of London, and Mark Child, CEO of Quantum Evolve, have some invaluable insights about how we can address the cyber skills gap.
Raj focuses on the need to focus on industry-academia collaboration to best address the cyber skills gap. He says:
“There is an urgent need to do a mapping exercise to understand the specific areas of cybersecurity where there is a skills gap, especially the level (beginner, intermediate and expert) at which is required. Also, there is a need to understand the impact of the current training and certification programmes in the UK, as many cannot find a job even after completing these courses. Hence, we are not training at the levels to the needs in the industry.”
Mark, on the other hand, stresses the importance of preparing for the impact of AI and commented:
“While AI’s impact on cybersecurity is inevitable, the extent and direction of change remain uncertain. However, what is clear is that professionals who embrace AI technologies, whether by upskilling or transitioning into new areas, will be better positioned to navigate the evolving cyber landscape. The industry is moving towards a future where AI is not just an accessory to cybersecurity but a foundational element of cyber defence strategy. Cyber professionals must ask themselves: Will they adapt and lead in the AI cyber era, or risk being left behind?”
Please reach out to Cyber London for more information on cyber skills. You can also participate in our LinkedIn poll.
