The gap in national cyber skills continues despite years of government-backed initiatives, with the latest figures showing that more than half (51%) of all private sector companies in the UK have identified a shortage of basic technical cybersecurity skills.
Approximately 697,000 companies in the UK have low confidence in basic tasks such as setting up automatic software updates and securely transferring personal data, for example, according to national cyber skills survey conducted by the Department of Media, Culture and Sport and Ipsos, published yesterday (May 3rd). These figures are “in line” with previous annual cyber labor market surveys in the UK, the report said.
Respondents were asked to report how confident they would be in carrying out specific cybersecurity tasks covered by government-backed Cyber Essentials Accreditation Schemewhich has been running since 2014. The report considers that those who are not very confident or not at all confident in performing these tasks have a skills gap.
Areas with the most flawed skills gaps are setting up configured firewalls, storing or transferring personal data, detecting and removing malware, and restricting software that runs on business-owned devices. More than a third of companies surveyed said they had low confidence in firewall configuration and malware detection, while 29 percent also said they had low confidence in personal data security. These specific tasks topped the list of areas of skills in which organizations have low confidence and remain unchanged from previous surveys conducted by DCMS, the report said.
In these areas, based on the type of organization, charities continue to show a striking lack of confidence in carrying out key cybersecurity tasks compared to large enterprises and the public sector. One third of the charities surveyed expressed low confidence in setting up configured firewalls and secure storage or transfer of personal data.
According to the report, information and communication companies are among the least likely to point to gaps in basic skills, while these skills gaps are more pronounced in the hotel and construction and food sectors. Technical monitor recently reported a data breach at UK food company Greencore, which could lead the company to sue staff whose personal information has been compromised.
Content from our partners
The report also notes that there has been no “clear up or down trend” in the last four DCMS surveys and that the latest figures have “fluctuated”. He also suggests that these figures remain largely unchanged from the first study in 2018 and that “there is a constant need for basic cybersecurity advice and guidelines for organizations outside the cyber sector”.
Part of the reason for this stagnation may be that British business is simply unaware of government initiatives to improve basic cybersecurity practices. Only 16% of companies in the UK have heard of the Cyber Essentials scheme, in which companies can conduct self-assessments to understand the cybersecurity of their assets, while only a third have heard of the cyber security program Cyber Aware. The schemes are valid from 2014 and 2020, respectively.
This apparent lack of awareness among businesses in the UK means that acceptance of such schemes remains strikingly low – only 6% of organizations have undertaken the Cyber Essentials certification process, while this figure is even lower (1%) for Cyber Essentials Plus scheme, according to the latest government study on cybersecurity breaches.
Read more: Has the Stormous hacking gang really violated Coca-Cola?