The UK Cyber Security Council – the self-regulatory body for the cybersecurity education and skills sector – has issued a rallying call for industries to recommit to investment in cybersecurity skills development as they transition back to regular working practices following the disruption caused by the COVID-19 pandemic.
Research by the London School of Economics during lockdown revealed that organisations’ approaches to training have shifted, with firms increasingly taking the quick-fix approach through recruitment rather than a broader training approach across wider teams. The total number of days trained per trainee in the UK dropped from 7.8 in 2011 to 6.4 in 2017, a fall of 18%, while total training expenditure per trainee fell by 17%. The decline applies across a variety of sectors, including cybersecurity.
This trend has worsened during the pandemic, which has forced many companies to either scale back spending or simply to try to meet the challenge of delivering existing training programmes and course materials to a newly remote workforce.
The skills challenge is supported by the latest data from the Department for Digital, Culture, Media and Sport, which revealed that 30% of cyber firms have found it hard to fill generalist roles (where employees are expected to work in a range of cybersecurity areas). Shortages also exist in specialist roles, senior management roles, penetration testing and security architecture – all pointing to a shortfall in employee development.
“It is imperative that the UK’s cybersecurity community returns to training in order to maintain their ongoing situational awareness and to maintain the UK’s global position as a centre for cybersecurity skills and innovation,” said Don MacIntyre, interim CEO of the UK Cyber Security Council. “While investment in specific skills development courses, setting staff on a pathway to certification is essential, it needs to be teamed with continuous education that can build on industry accreditation and ensure professionals are constantly developing their skills and knowledge as part of a career pathway as well as to support the evolving needs of their organisation.”
The UK Cyber Security Council is supporting its push for a renewed commitment with the creation of a variety of tools and resources to support organisations and their cybersecurity professionals. These resources include the council’s career and forthcoming qualification frameworks. Both are interactive guides to help organisations develop clear and realistic criteria for hiring, and to help practitioners plot viable career progression routes as they follow a professional development plan.