The UK government recently launched a second audit of the cybersecurity labor market in order to find out whether organizations are failing when it comes to hiring and training cybersecurity professionals.
Companies in both the public and the private sector were chosen at random to participate in the audit, with the aim being for the audit to affect future government policies to overcome the skills shortage.
The audit is the second one to take place over the last few years, and the UK government are hoping to improve on the results of last year’s one. The audit in 2018 found that, out of approximately 1.3 million organizations across the country, 55% of organizations replied that they have a technical cybersecurity skills gap; meaning that they lack the basic knowledge to perform security tasks to help protect data.
The reason for the second audit, apart from the obvious hope of improvement over the 2018 one, is in part due to another recent report in April that discovered a dramatic increase in the cost of a data breach. It found that, on average in the UK, responding to a cyber-attack costs £4,200 which is an increase of £1,000 on the year before. The report also took issue with the fact that organizations in the UK are spending far less on cybersecurity than their counterparts in the rest of the world, like the USA, for example.
What Skills Does the UK Lack?
Unsurprisingly, the vast majority of organizations stated that they lacked personnel with the skills to perform high-level security tasks, such as penetration testing and risk assessments. Organizations quite often do not feel confident enough to perform these kinds of vital security tasks by themselves.
Additionally, almost 60% of businesses stated that they would struggle to perform an investigation of why a data breach occurred to a lack of visibility over what’s actually happening to their data. Non-profit organizations, charities and the healthcare sector were two sectors in particular that were struggling in this area.
In addition to the obvious security benefits of finding people with cybersecurity skills, organizations seem to clearly understand the legal benefits of security as well. Skills related to compliance were highly sought after, particularly with the introduction of the GDPR, to help avoid potentially crippling fines. Whilst compliance is certainly a good place to start, it should be treated only as a guideline and not as a foolproof security strategy.
How Does the UK Overcome the Skills Gap?
We are certainly on our way to doing this already. With cybersecurity taking the center-stage so often in the media and interest beginning at earlier ages, cybersecurity skills are being taught far more than they ever have been. It’s entirely possible that in a few generations time, we will have a workforce that are all security conscious and savvy to threats.
In the meantime, we don’t want to wait around for this to maybe happen. Organizations can take steps to improve their cybersecurity today.
If you can’t find the skills you need in the talent pool to improve your cybersecurity, there are many vendors that you can outsource a part of your security to. For example, if running a risk assessment internally concerns you, Lepide offer a free data risk assessment to help you identify and plug gaps in your data security.
Similarly, many day-to-day security and compliance concerns can be dealt with by deploying an automated solution. LepideAuditor, for example, enables you to audit, monitor and alert on changes being made to permissions, configurations and the data itself. It produces real time alerts and comes packaged with predefined reports specifically designed to meet compliance requirements such as the GDPR.