This is the principal finding of research from digital resilience experts RedSeal, which surveyed UK CIOs and senior IT professionals, to reveal that the cybersecurity skills gap has reached a crisis point.
In July, RiskIQ warned the financial impact of cybercrime on the internet is costing the global economy £2.3 million per minute.
The RedSeal research found that major concerns about business’ ability to develop, attract and retain personnel with the right skillset to stand up against an ever growing threat landscape.
For example, it found that a staggering 87 percent of CIOs and senior IT pros reported that they are struggling to find cybersecurity professionals with the expertise needed to combat serious and organised online crime.
Almost 73 percent said that uncertainty around Brexit is a huge concern when it comes to hiring security professionals from outside the UK.
Indeed, nearly everyone 95 percent specified that Brexit will in fact widen the current skills gap, since many IT security professionals currently within British business are from outside the UK, due to the lack of advanced cybersecurity education provided locally.
This is despite it being a over a year since Parliament’s Joint Committee on the National Security Strategy, published a report exposing the UK’s chronic lack of digital skills, even within some of its own security agencies.
And the issue of cybercrime is not going away any time soon.
A worrying 81 percent of respondents to RedSeal reported they have suffered a cybersecurity breach in the last 12 months.
RedSeal also found that the lack of skills has also contributed to a lack of proper response planning and 40 percent of senior IT pros stating that their business doesn’t have a plan in place to respond to a security breach.
It has urged the government “to create a more robust education policy that will deliver the skills needed in the future.”
“Across the industry, we have drained the talent pool for security professionals,” said Dr Mike Lloyd, CTO at RedSeal. “There’s a global shortage of about 4 million cybersecurity pros, up from just over 3 million last year.”
Action is needed
“The UK’s education system can help, but not quickly – professionals agree that it takes about 10 years of real-world experience to develop the skills needed to combat today’s threats, so we’re facing a sustained drought for talent,” said Dr Lloyd. “Automation can help but cannot replace human intuition and insight. We have to build hybrid teams, combining computers for all the drudge work so that the few human analysts can focus on the security tasks that matter.”
Other security experts agreed there is an urgent need for more cyber skills.
“The cyber security skills gap has become too large for organisations to ignore with a reported 3.5m unfilled positions expected by 2021,” said Paul McEvatt, senior threat and intelligence manager at Fujitsu EMEIA.
“Cyber security incidents and data loss continue to pose a significant risk to the UK economy,” said McEvatt. “35 percent of the public recently admitted to having security concerns around the sharing of personal data, showing the long-term impact that these incidents – and lack of talent – is having on the public’s opinion towards how their data is handled.”
He also called on the government, as well as others to do more.
“It is evident new approaches to talent creation need to be considered,” said McEvatt. “Government, academia, law enforcement and businesses all have a part to play in talent identification and will need to work collectively on the provision of different pathways for students who may not ordinarily be suited to the traditional education route. One way to achieve this is through addressing diversity within cyber security and making training more accessible to people of all backgrounds.”