IT skills shortage hampers UK response to cyber threats

News 12 Feb, 2013

A new report by the National Audit Office claims the IT security skills gap will take up to 20 years to close, and leave UK PLC at risk of attack.

The IT security skills shortage could hamper the UK’s ability to protect itself from cyber threats, as the "decade-long decline" in computer science teaching in schools and universities takes its toll.

This is one of the major challenges the Government’s cyber security strategy will need to overcome to be a success, according to a new 43-page report by the National Audit Office (NAO).

The public sector spending watchdog said the number of people training to become cyber security professionals has not kept pace with the growth of the internet, which could leave UK PLC at risk of attack.

It could take up to 20 years to address the skills gap at all levels of education.

“This shortage of ICT skills hampers the UK’s ability to protect itself in cyberspace and promote the use of the internet both now and in the future,” the report stated.

The IT security skills gap is an issue that has been repeatedly flagged by the public sector in the past, the report added. For example, the Department for Business, Innovation and Skills referenced the “decade-long decline” in ICT and computer science in schools and universities in April 2012.

This has resulted in fewer students choosing to study these subjects and has created a skills gap that could take up to 20 years to fill, the report warned.

“Interviews with government, academia and business representatives confirmed the UK lacks technical skills and the current pipeline of graduates and practitioners would not meet demand,” the document said.

“Those we interviewed from academia considered that it could take up to 20 years to address the skills gap at all levels of education.”

In light of this, efforts have been made to close the skills gap, the report added. This includes the Government’s pledge to overhaul the ICT curriculum in schools, which is expected to result in cyber security becoming a “strong strand” of the forthcoming GCSE computer science syllabus.

The report also stated that IT skills will not be the only ones in high demand when it comes to shoring up the UK’s cyber security defences.

“The skills the UK needs to design and implement cyber security policy are not only technical, [as] there is also a need for psychologists; law enforcers; corporate strategists and risk managers,” the document said.

“Other professionals, such as lawyers and accountants also need to understand cyber security in order to assess, manage and mitigate the business risk of cyber threats.”

Aside from the skills debate, the NAO was broadly positive about the Government’s cyber security plans, claiming its efforts have already started to pay off in some areas.

For instance, the Serious Organised Crime Agency has reportedly repatriated more than 2.3 million items of compromised card payment details since the Government’s cyber security strategy was published in November 2011.

“[This] prevented a potential economic loss of more than £500 million,” said the document.

However, Guy Bunker, senior vice president of products at security vendor Clearswift, said more needs to be done to make cyber security a more appealing area to work in.

"There needs to be more publicity for those who do ‘save the earth’ from the latest virus, or those who thwart internet-based industrial espionage [and] a need for greater rewards,” he offered.

“At a time when student fees and loans are at an all-time high, maybe there should be additional financial incentives to moving into the field. It may take 20 years to fill the skills gap, but do we have that long? We need to look at ways to accelerate the solution,” Bunker added.