The last 12 months have been turbulent for many from a cyber security perspective, with recent findings from the Government Cyber Security Breaches Survey revealing that approximately 2.39 million instances of cybercrime impacted UK businesses last year.  

Organisations operating within every sector, from government bodies to household brands, have been impacted by malicious cyber activity. The impact of attacks in 2023 was vast, with millions upon millions of pieces of sensitive information being compromised. 

Despite the growing and ever-present threat posed by malicious actors in 2023 though, there was also lots to be proud about from within the cyber security industry and community. 

Looking ahead, 2024 isn’t likely to be too dissimilar to what we experienced in 2023. Advancements in groundbreaking technologies such as AI and deepfakes will create new risks, making it easier for attackers to automate attacks, and lowering the bar of entry to carry out attacks. And on the other side of the coin, there may be increased risk due to a potential lack of spending from organisations on cyber security. Last year’s Government Cyber Security Breaches Survey revealed that the number of UK businesses which had experienced a cyber-attack had fallen by 7% compared with the previous year. While this may appear like a step in the right direction, these figures could indicate that cyber security is falling down the list of priorities for UK businesses. In fact, the same survey found that the number of micro-businesses that labeled cyber security as a high priority had decreased from 80% in 2022 to 68% in 2023. 

So, what is behind these industry-wide shifts, and could a widening cyber skills gap be responsible? A recent study published by the UK Government revealed that half of all businesses in the UK have a basic cyber skills gap, with a third suffering from an advanced cyber skills gap. What’s worrying is these figures align with what the government was seeing in 2022 and 2021, meaning the issue hasn’t improved over three years. 

What is the cyber skills gap? 

A cyber skills gap is defined when an organisation and its staff do not possess the necessary skills or confidence to carry out the processes needed to ensure cyber security practices are upheld.  

A report issued in September last year by the Public Accounts Committee (PAC), which is a select committee operating within the House of Commons, found that just 4.5% of civil servants are in digital, data or technology roles. This figure, the committee estimates, is less than half of what the government needs. Worryingly the report also stated that the “lack of cyber-security experts should send a chill down the Government’s spine”. 

How can the industry close the gap? 

The businesses, bodies and organisations operating within the cyber security industry have a responsibility to try and close this gap. Whether it be within the private, public or third sector, there are lots of actions that can and should be taken. 

1. Expanding recruitment and training to students and graduates 

At P3M Works, we are in the process of taking on several T-Level students and graduates in the last year and will continue this push in 2024 and beyond. A large reason for the skills gap is a lack of available talent. In the UK, employers often want a one size fits all solution, which in many cases leads to the pursuit of senior cyber security practitioners. This can be expensive, especially in a highly competitive employment market. By hiring and training entry-level staff, organisations are able to build for the future, and craft skilled workforces with expertise in technological roles, and their specific business operations.  

1. Looking to adjacent sectors for skilled workers 

Cyber security can be a niche area which often requires highly specific knowledge and skills. However, there are a number of sectors where skilled professionals have an abundance of transferable skills, but perhaps are being overlooked. At P3M Works, we believe that one of these is the His Majesty’s Armed Forces. Since 2021, we have employed and worked alongside several veterans, providing them with critical training in cyber, which complements their vast leadership experience and skills. As an industry, many make the more obvious jump from the intelligence services to the private cyber security sector, however there is a multitude of talented individuals from the Armed Forces and other technical sectors which can pursue a career in cyber; it’s about giving them the necessary opportunities and support. 

1. Adopt technology within your operations 

In many other sectors technology is being used to mitigate the effects of skills and labour shortages, and the cyber industry should be no different. Advances in technology such as AI are offering organisations huge opportunities to improve the workflow of their employees, lessening their workload through automation. And it’s not just AI, traditional technology integrations such as digital training or gamification platforms allow organisations to provide training and incentives for their workforce to become more knowledgeable. This alone is an extremely effective way to close the cyber skills gap at an organisational level. Industry leading solutions such as ORNA, are also lowering the bar for SMEs, using AI and other cutting-edge technology to provide end-to-end incident response automation for small IT teams, simplifying threat detection, triage and human incident response. 

The cyber skills gap should be a concern for the UK. Malicious cybercriminals are becoming increasingly skilled, while the cost of cybercrime globally promises to reach a staggering amount in the next two years; some forecasts predicting it will reach $10.5tn by 2025, making it an extremely lucrative business for cyber groups. Despite these challenges, there are steps we can take to improve cyber and digital knowledge and close the gap. 

For more information on improving your cyber security processes, get in touch with the P3M Works team at: info@p3mworks.co.uk or find out more about our services here.