Tackling the cyber skills gap with internal investment
According to concerning UK government research, more than half (51%) of British companies lack the ability to carry out the most basic of cyber security tasks, while a third (33%) are unable to handle more advanced tasks, such as security architecture.
That’s a huge number of organisations that lack the necessary skills to run a business safely and securely in today’s tech-centric world.
Add to this that there is a chronic shortage of cyber security professionals as identified by the 2022 (ISC)² Cybersecurity Workforce Study, and it’s an unsustainable situation.
While it is important to continue filling tech and cyber roles with experienced and trained individuals, it’s also time for more organisations to urgently consider using the resources they already have by training more of their existing staff in the rigours of cyber security.
Learning and development opportunities abound in the tech sector: from continuing education courses to rapid-fire boot camp programmes, individuals without any background in cyber security can quickly pick up the skills they need to confidently support a business’ operations.
Apprenticeships are another way for employers to fill their cyber security vacancies and can open development opportunities for current or future employees. And with a cyber security Graduate Apprenticeship, means employers can benefit from higher-level degree qualifications combined with practical experience.
“Cyber security apprenticeships are not just a great way to bring talent into a business, but can also help with diversity as they open cyber roles to learners who may not have followed a traditional career pathway,” says Skills Development Scotland’s Claire Gillespie, Digital Technology Skills Industry Manager.
However, only 1 in 9 British businesses – primarily larger organisations – recognise how important it is for those who don’t work in cyber security to have up-to-date cyber training.
Arguably, it’s those who don’t work in the mainstream cyber industry or roles who are most in need of training: nearly every employee has access to email and can accidentally click on a phishing link or download malware that brings down operations.
And this has only been exacerbated by people working from home and connecting to their own networks.
Upskilling staff not only increases their confidence in supporting operational cyber security goals but also reduces the need to enter the ever-harrowing “war for talent” many organisations are facing.
Thankfully, there are numerous free or low-cost opportunities to do so.
Programmes such as the Scottish Business Resilience Centre’s Exercise in a Box or its Cyber Executive Education courses are jargon-free tools to ensure senior leadership fully understands the role non-technical people can play in keeping an organisation secure.
Events during CyberScotland Week, such as the Cyber Security Basics webinar run by Police Scotland and Neighbourhood Watch, will also educate individuals on how they can become more cyber aware.
The education you provide your staff on cyber security doesn’t need to turn them into experts. It just needs to ensure they are aware of the risks and practical measures they can take to prevent attacks or limit their fallout.
Doing so won’t entirely close the gap – but it will reduce pressure on existing cyber experts and spread the weight of security throughout an organisation.
Many firms try to recruit experts from other companies or work with apprentices and build up a talent pipeline within the next generation of workers.
But recruitment alone will not close the gap, only change who is suffering from it. Encouraging younger people to consider a career in cyber – while important – will also take time.
Put simply, the best response to addressing any immediate impact on your business is to invest in your own staff by offering them learning opportunities to become more cyber aware.