The government-mandated UK Cyber Security Council has officially launched with an aim to promote UK cyber security as well as committing to growing the skills base within the country. Increasing in regularity and the levels of sophistication, cyber-attacks are now an everyday threat to businesses. It is therefore really encouraging that this new body has been created.
However, the Council has to ensure it focuses not just on current issues, but also on the worrying trends that show a stark drop-off of students taking IT related courses. Unless this longer-term issue is dealt with, the work the that is undertaken now will be almost meaningless.
Promoting excellence within the security profession
The Cyber Security Council has been set up to broaden representation for the sector. It will also look to accelerate awareness and promote excellence within the profession. However, one of the most important roles the council will play is the creation of a formal professional recognition for security practitioners.
Bringing this level of ‘professionalism’ to the sector brings it in-line with other professions such as engineering, law and medicine. Giving cyber-security practitioners this level of recognition is important to help build credibility within companies, whilst reinforcing that all businesses should be prioritising cyber-defence.
The continuously changing threat landscape means that cooperation within the industry is crucial. Bringing in a formal recognition for security practitioners will bring a degree of legitimacy to the sector, encouraging businesses to invest more in cyber-defence, and look to boost efforts in the fight against cyber-crime.
Whilst the pandemic has certainly brought a spotlight onto cyber-crime and its impact on businesses and the public, companies still need to do more. The recentGovernment’s Cyber Security Breaches Survey showed that despite more companies acknowledging cyber-security as a priority (77 percent), many are not doing enough about it.
The launch of the Cyber Security Council will hopefully go some-way to further raise the profile of cyber-security, but also help companies feel confident in the professionals they bring in to help defend them against a growing threat.
Whilst, these aims are important the council will need to focus on an issue that has the potential to impact the businesses in the long-term, one that if not addressed could put the security of the public at an increased risk.
Future skills gap could be a problem
Whilst the creation of this council is a real positive, it is set against a back-drop of worrying figures from the Learning and Work Institute that has shown an IT skills gap that is not just threatening the immediate economic recovery of the UK but also one that threatens the day-to-day running and security of businesses for a number of years.
The Institute found that there has been a drop in the number of students participating in Further Education (FE) courses in ICT. In 2017/2018 there were 300,000 enrolments in FE and skills courses in ICT in England. By 2019/2020, there were just 247,000 enrolments, a decline of 18 percent. The research also spoke to 1,004 HR decision-makers in the UK and around 60 percent said that they believed a reliance on advanced digital skills was going to increase over the next few years.
There is very obviously a mismatch here between the needs of business and the numbers coming through the education system. There is a real need for more qualified new professionals with the skills needed to help organisations with their IT, particularly, as we have discussed, cyber-security.
This is more than a problem for the Government to solve. With IT now critical for every business and therefore the success of the country, we all have a part to play in helping encourage the younger generations see the value of a career within the IT industry.
The new Cyber Security Council therefore, has an immediate challenge on its hands. Whilst encouraging current professionals to seek more recognition of their skills, one of the first priorities for the Council should be to make sure that there is enough being done to guarantee that the next generation of cyber-security practitioners are available in sufficient numbers.
A skills gap in the IT sector has the potential to cause real headaches for businesses across the UK. A skills gap that impacts the cyber-security sector, will however, have a profound impact on the day-to-day lives and safety of the whole population. Some companies are already turning to IT consultancies to help with current skills gaps and to ensure that there is enough resource to manage the day-to-day security. However, an ongoing skills gap will impact the entire sector and any good work the Council achieves now would be negated.