The National Audit Office (NAO), the independent body responsible for scrutinising UK government departments and agencies, has today warned that if the number of applicants for ICT courses doesn’t increase, it could take “up to 20 years” to fill the skills gap in the cyber security field.
The NAO did say the establishment of the national Cyber Security Strategy (CSS) in 2011 has already started delivering benefits, but gave a bleak forecast in a 40-page report entitled “The UK cyber security strategy: Landscape review”.
According to the NAO, the cost of cyber crime to the UK is currently estimated to be between £18 billion and £27 billion a year. At the same time, eight percent of the country’s GDP is the direct product of the Internet economy, a greater contribution than in any other G20 country.
In 2011, the CSS outlined how an investment of £650 million would keep the country secure from hackers through to 2015. The programme relied on “cooperation between the government and the private sector” in order to make UK networks safe, and included a number of education and research initiatives.
Despite the abundance of funding, CSS has so far failed to solve one particular issue – the lack of qualified staff. In the report, the NAO says that the number of IT and cyber security professionals in the UK has failed to increase in line with the growth of the Internet sector.
“Interviews with government, academia and business representatives confirmed that the UK lacks technical skills and that the current pipeline of graduates and practitioners would not meet demand,” states the report.
“Interviewees were concerned about a lack of promotion of science and technology subjects at school resulting in the reported lower uptake of computer science and technology courses by UK students,” it adds.
NAO hopes that the skills shortage will be helped by several upcoming government initiatives and the overhaul of the ICT curriculum. “The government is working to address this and has said that it intends to overhaul ICT teaching in schools to make it genuinely about computer science rather than office skills,” states the report.
Meanwhile, the government established a £2 million-a-year Centre for Global Cyber Security Capacity Building, and the joint public and private sector initiative ‘Cyber Security Challenge UK’ had launched a new framework to enable people to move into cyber security mid-career.
Besides bridging the “skills gap”, the report also mentions other, less critical objectives, such as “increasing awareness” (NAO believes that 80 percent of cyber attacks could be prevented through simple computer and network ‘hygiene’) and “demonstrating value for money” that cyber security solutions can provide.
“There is the conceptual problem that, if cyber attacks do not occur, it will be difficult to establish the extent to which that was down to the success of the strategy,” notes a press release from NAO.
Even though some problems remain, the UK has made considerable progress since the CSS was first published. The Police Central e-crime Unit has trebled in size, and the Serious Organised Crime Agency has repatriated over 2.3 million sets of compromised card payment details since 2011, preventing a potential economic loss of more than £500 million.
The report also mentions that since 2010, the UK Parliament has shown growing interest in cyber security, so at least the aim of “increasing awareness” is definitely being achieved.
“While it’s important to have specifically trained staff to counter the growing hacking threat, the UK certainly can’t wait 20 years for the next generation of cyber-security experts to be inspired, educated and trained,” commented Geoff Collins, VP of Product Management at 1E.
According to Collins, regular OS patching, application whitelisting, upgrading of (potentially highly vulnerable) legacy applications and careful monitoring of admin privileges have proven to mitigate 85 percent of all cyber-attacks.
The last point noted in this article deserves greater emphasis. Yes, lack of ICT skills is a big challenge for the UK and Europe and will affect the ‘next generation’ of employees. However, let’s not forget that there is a huge amount that security and IT professionals can be doing today to better protect their organisations but in many cases, are not doing so. These steps are straightforward to implement using the right tools and policies. Both the UK private and public sectors can do a lot more to protect themselves against cyber attacks.
Let's not forget that UK companies offshored ICT work at the start of the century and this is still ongoing. Kids won't take ICT up until companies value local workers above their cheaper foreign rivals.