The UK Government issued their 2023 report on cyber security skills in the UK labour market recently. In summary, it says that UK businesses have a cyber security skills gap.
In good news, almost every business surveyed is confident about creating backups, and controlling who has admin rights. Most businesses are confident that their staff can identify fraudulent emails/websites and use acceptably strong passwords.
However, it is clear that there is a lack of confidence in cyber security skills in the businesses surveyed.
We have summarised the findings of the research below.
Skills laid out in the Cyber Essentials Scheme
For the businesses that do not outsource their cyber security to an external provider:
- 38% are not confident in their ability to set up configured firewalls.
- 34% are not confident about detecting and removing malware.
- 30% are not confident about storing or transferring personal data securely.
- 27% are not confident about restricting the software that runs on their devices.
More advanced Cyber Security tasks
Again, for the businesses that do not outsource their cyber security to an external provider:
- 64% are not confident in security architecture or engineering.
- 45% are not confident in conducting vulnerability scans.
- 39% of businesses surveyed are not confident in conducting user monitoring.
Complementary Cyber Security skills
Firms recognise that soft cyber security skills are important to the business. The average importance rating was 8.4/10, with 32% of firms rating them at importance 10/10.
- But, 43% of businesses are not confident that they could prepare training materials or training sessions.
- 24% of businesses were not confident that they could communicate cyber security risks to directors, trustees or senior management.
Governance and Compliance skills
42% of businesses say it is essential for their staff to have an understanding of the legal or compliance issues affecting cyber security.
- 43% of businesses and 48% of charities surveyed are not confident in their ability to carry out a cyber security risk assessment.
- 43% of businesses and 52% of charities are not confident in their ability to develop cyber security policies.
- 41% of businesses and 43% of charities are not confident in their ability to write or contribute to a business continuity plan.
Lack of dedicated staff
The survey also says that 50% of businesses have just one employee responsible for cyber security. Of course, many businesses in the UK are small, and so have fewer resources, but even some bigger businesses have only one person with responsibility for cyber security. Often (84% of the time), staff in the private sector have absorbed cyber security tasks into an existing non-cyber-related role, meaning that cyber security may not be their top priority.
In summary: there is a lack of confidence in many businesses that their in-house cyber security skills are sufficient to be able to carry out necessary cyber security tasks.
If, like the businesses surveyed, you are not confident in your ability to carry out some of these tasks and protect your business, the Click and Protect team are able to help in many different ways. For example, we can help with technical cyber security, support you in getting Cyber Essentials certification, write security policies for you, or conduct a risk assessment – and so much more.