News

UK tech skills gap could increase risk of cyber attacks

Industry heads across the UK have warned that a lack of skills in cyber security could leave businesses more vulnerable

7 Aug 2014

A lack of skills in cyber security among UK graduates could lead to increased risk for businesses, industry leaders have warned.

According to statistics, only 0.6 per cent of recent graduates (2012-2013) are currently working in the cyber security sector, with others left unprepared when leaving computer science degree programs. Many technology qualifications reportedly gloss over the issue of security, creating a significant skills gap.

The concerns were brought to light by a study from the International Information Systems Security Certification Consortium, which revealed that less than 1 per cent of the 7,635 computer science graduates across the UK were working in cyber security positions.

Dr Yiannis Pavlosoglou, risk and security specialist at YBS, told the Financial Times: "The majority of graduates coming out of UK computer science and computing departments have not spent the necessary amount of time with the basic principles that govern information security and risk management."

In terms of cyber security, computer science graduates may not have an advantage over those coming from other subjects, Dr Adrian Davis, European director of IISSCC has claimed.

Organisations have been warned about this shortcoming inherent to many recent graduates, with those in the industry pointing out the risk they pose to cyber security when unable to properly protect sensitive data, extending to basic tasks such as data disposal.

"It is like building a house without locks," Derrick Bates, senior information security officer for the North Cumbria University Hospitals NHS Trust added. "What is the point in universities turning our great software developers and web designers if they have no idea how to design them securely."

In an effort to address the problem, GCHQ has approved six masters degrees focused on online security. These include offerings from Edinburgh Napier University, Lancaster University, the University of Oxford and Royal Holloway and University of London.

GCHQ said of the accreditations: "The National Cyber Security Strategy recognises education as key to the development of cyber security skills and, earlier in the year, UK universities were invited to submit their cyber security Masters degrees for certification against GCHQ's stringent criteria for a broad foundation in cyber security.

"Partnerships have been key throughout the process with the assessment of applicants based on the expert views of the industry, academia, professional bodies, GCHQ and other government departments."