UK’s Cybersecurity Talent Shortage: A Ticking Timebomb During Covid-19

Half of companies do not have adequate cybersecurity provision to allow for 100% remote working. And, whilst 58% of tech hiring managers list info-security as their most required skillset right now, only 10% of tech professionals in the UK possess the right skills to help plug the gap. The findings come from a new report by global recruiter Robert Walters and data provider Vacancysoft: Cybersecurity: Building Business Resilience, which highlights how the problem is far worse on a European level, with 70% of companies stating that they do not have a sufficient cybersecurity team and are having to deal with a talent shortage of 140,000 across the continent.

Darius Goodarzi, Principal – Information Security and IT Risk at Robert Walters, comments: “The move to remote working, cloud-based file sharing, rise in video calls, and cashless transactions has highlighted to all businesses the importance of adequate IT security to allow for business continuity and protection from online breaches. In fact, there are over 65,000 attempted cyber attacks on UK SME’s every day with around 4,500 being successful at a cost of £2.48m per instance.

“Given the cost, both financially and reputationally to businesses, it is surprising to hear that cybersecurity only accounts for 5.6% if total IT spend in a company.”

Cybersecurity Job Roles on the Rise

There are approximately 43,000 professionals working in a fulltime cyber security related role in the UK, representing a 37% increase in employee jobs over the last two years. Despite hiring freezes across the board during lockdown, including general IT roles which were down by -40% for the first half of this year; cybersecurity bucked the trend and job volumes increased by +6%.

James Chaplin, CEO of Vacancysoft, comments: “The rapid pace of digital transformation bought on by Covid-19 led to a surge in recruitment at the beginning of this year. As a result, cybersecurity is becoming an ever-greater part of the technology function.” Whereas in 2018 cybersecurity accounted for 3.5% of technology vacancies, so far this year it is above 5% and this growth is forecast to continue.

Vacancy Growth by Region

With the UK long claiming its status as one of the world’s leading digital nations, home to exceptional talent, cutting-edge innovation, and rapid growth, it is not surprising to see the rise in infosec vacancies on British soil. Rather than off-shore roles to international countries such as India where tech talent is in abundance, the trend here has been to nearshore to regions outside of London, with the North dominating.

While traditionally London had been the centre for hiring, the regions are catching up with the capital. In 2018, 50.6% of all cyber security vacancies were in London, where in contrast this year 40.8% of vacancies are London based, a drop of 10%. Yorkshire and the North East has seen a year-on-year increase of infosec vacancies of +138%, making it the second largest employer within the sector  representing 18% of overall cyber security hires.

The next most prominent region is the South East, representing 16% of cybersecurity hires in the UK (down from 19%). However, much like London activity has been down year-on-year by 12.4% as businesses adopt nearshoring tactics and hire in northern regions.

Ahsan Iqbal, Director of Technology at Robert Walters, comments: “The north has been rising for some years now in regards to tech hubs from a year-on-year increase in VC funding, less barriers to entry for start-ups, relocation of headquarters, and some of the best tech courses in the UK. It is quite clear to see that Yorkshire and the North East is making quite an aggressive play to dominate the info-security field, and increasingly we are seeing more consultancy firms base themselves in the region as a result of low cost base and quality talent pool.

“The nearshoring of roles to other parts of the UK means that the country is in a strong position to become the cybersecurity capital in Europe.”

Darius Goodarzi shares the top 4 job roles in demand within infosec this year:

  1. Security Operations Centre (SOC) – As businesses take more steps to strengthen their cybersecurity strategies, a SOC takes both a preventative as well as reactive approach, detecting potential threats, and implementing measures to prevent them from happening. In London, salaries for SOC have spiked by up to 10.5% in large companies.
  2. Security Engineer – The government has invested £10m in cybersecurity solutions over the past year, with a pressing need for security engineers to implement new security products and install updates that enhance security around current IT platforms.
  3. Security Awareness Manager – With businesses becoming more data driven and staff gaining increasing exposure to commercially sensitive information, security awareness training is required to educate employees and provide data protection guidance to ensure compliance.
  4. Chief Information Security Officer (CISO) – There is more technology in the workplace than there has ever been before, growing an organisation’s attackable surface. With this comes a realisation to the executive level that security is a key component in business continuity and operational performance – requiring an advocate to work alongside the C-suite to ensure compliance with security procedures.

Ajay Hayre, Senior Consultant Technology at Robert Walters, comments: “As businesses continue to invest in cybersecurity software and adopt new platforms, there will be a heavy emphasis on Cloud skills, security engineering and site reliability engineering. Professionals involved in security orchestration with strong SIEM skills such as Splunk will be highly valuable, as well as AWS container security and micro service security architecture. Businesses will have to make heady attempts to secure cybersecurity specialists, where possible tapping into passive candidate markets to secure the best talent.”