UK CIOs: Skills Gap is Cyber Risk

Jul 18, 2016

By Michael Shuff, 7Safe lead reporter | 18 July 2016

According to research carried out by Robert Half Technology, cyber security incidents cost UK firms £34.1bn in 2015. Nearly half of those surveyed lacked advanced cyber defences, despite the high level of concern about cyber-attacks and associated costs. One report, 'Cybersecurity – protecting your future', found that the majority of CIOs (77%) believe that they are due to face more security threats in the next five years due to a shortage of IT security talent. CIOs said that the top three risks that they believe they are facing in the next five years will be data abuse/data integrity (60%), cybercrime (54%), and spying/spyware/ransomware (39%).

Given the prominence of cyber security and data protection risk issues in their lives, it is perhaps therefore hardly surprising that more than a third (34%) of UK CIOs are currently planning to increase headcount due to IT risk and security. The positions that are most in demand are IT Security Analyst (junior level), Information Security Officer (mid-level), and Security Operations Officer (mid-level), although other disciplines such as penetration testing, security architecture, and application testing.

IT security professionals are expected to be foremost proficient in cloud security, IT security technologies and big data/data analytics, together with security architecture and hacking/ penetration testing, turn out to be the most challenging security skills to find, thereby highlighting the IT security skills gap. Phil Sheridan , Senior Managing Director at Robert Half, recognises that having a robust talent management programme is essential to efficiently manage the IT security skills shortage. “If companies want to stay abreast of industry developments and efficiently deal with IT security, they need to assess which expertise is missing in-house and either invest in training programmes for existing IT professionals or hire additional IT security experts.”

Hiring Plans for Cyber Skills in 2016-2020

When it comes to security professionals, the hiring plans of companies surveyed make interesting reading, with 41% expanding their IT security permanent staff roles and 38% maintaining existing levels. The general outlook is one of more cyber jobs.

Hiring Plans 2016

Most ‘In-Demand’ Technical Skills

The top 5 Technical Skills in IT Security were headed by Cloud security, perhaps telling a measure of the importance of Cloud services to businesses of all sizes?

Top Skills in cyber security


Understanding the reasons for the current problem:

The ‘cyber skills’ gap is a complex issue, and there is a lot of debate and disagreement about the underlying causes and solutions. Here are some factors experts have identified:

Not enough of the right graduates. For in-demand jobs in cyber security, there simply aren’t enough people being trained. New university programmes will make a difference, but only in a timeframe that will see many organisations compromised.

Answer: Vocational training programmes that can (but don’t always) lead to degrees.

Reluctance to provide training. For cost reasons, many employers would prefer that job seekers and employees provide all their own training, but this is increasingly unrealistic in a market where competitors will outbid you and entice away key staff.

Answer: Train to invest in your pool of cyber talent. In the long-run, it costs you less!

Inadequate compensation. Some organisations simply can’t find cyber skilled candidates because the pay that they offer, especially for in-demand jobs, is not competitive with other employers in their area. The additional burden that falls on the skilled IT security staff they retain means these people want to change firms asap.

Answer: Regularly review pay scales for IT security staff and be ready to pay more.

The growing need for soft skills. Many new graduates, while tech-savvy, lack basic communication skills and other critical soft skills. Although degree courses taught mainly through lectures and online learning have their benefits, vocational training in small groups where the delegates are forced to interact with the class and work in teams has a key advantage in helping techies to develop their people skills.

Are you planning to recruit more cyber skilled candidates? Or perhaps looking to retain more of your existing cyber security team in 2017?

You can talk to our expert consultants in complete confidence and find out about the services 7Safe and PA Consulting can offer to help you succeed. We have many more CREST and IISP-accredited training courses in the cyber field than our competitors and a long track record of delivering world-class training for fundamentals, core and specialist needs.

Find our more about our training courses today. Or to talk to an expert about training your staff to improve your cyber capabilities, call us on +44 (0)1763 285285.

Mind The Gap2
"77% of CIOs believe that they are due to face more security threats due to a shortage of IT security talent."