Cybersecurity is there a skills gap?

Cybersecurity is there a skills gap?

6th December 2019

A cybersecurity skills gap demands thinking outside the box”. “Why the cybersecurity skills shortage is a real nightmare”. “Overcoming the cybersecurity labor shortage”. Every week we see new headlines lamenting the dangerous skills shortage in the cybersecurity industry. But is it real, or is it just scaremongering? 

Unfortunately, it’s real. Earlier this year, Cybersecurity Ventures crunched some numbers to predict that there would be 3.5 million unfilled cybersecurity jobs globally by 2021 – up from one million in 2014. In fact, “in the search for cybersecurity skills in the UK, employer demand is outmatching candidate interest by more than three times” – an imbalance that’s actually threatening the cybersecurity of the entire country, says Andy Johnson of TechUK

So, why does the current cybersecurity skills shortage exist, and what does this mean for recruiters and candidates? 

Why is there a cybersecurity skills shortage?

Cybersecurity is still a relatively embryonic industry, and one that is continually changing. The first cybersecurity roles, in fact, were IT people in the middle of their careers who gravitated towards the cybersecurity space as the need for skilled security professionals became ever clearer. What we’re seeing, here at identifi Global, is that all of these original cybersecurity experts have been used up: there are far more jobs in the current market than there are candidates. 

The obvious answer would be to bring more cybersecurity professionals through at entry-level – and this is indeed the plan. The National Cyber Security Centre – part of GCHQ – was established in 2016, and includes CyberFirst: a programme of bursaries, apprenticeship schemes and more to get 11-19 year olds into the industry.  The government’s National Apprenticeship Service also includes cybersecurity roles, among many others. 

However, the industry as a whole simply isn’t quick enough at turning on entry-level jobs or training up entry-level candidates to embark on a cybersecurity career. And there’s still work to be done from an educational point of view. 

It’s only in recent years that specific cybersecurity degree courses have come to the fore. For years, young people had the sole option of a basic IT qualification, after which they may have fallen into cybersecurity almost by accident, rather than by design.

Now, though, the number of cybersecurity degree courses – including many approved by GCHQ – is on the rise, meaning that young people can now make a conscious choice to enter the cybersecurity field, rather than IT as a whole. 

While efforts are clearly being made to improve the industry’s skills gap, though, the prospect of 3.5 million unfilled cybersecurity jobs in 2021 means that more must be done. The industry needs to become more clever, retraining and redirecting people’s careers into the cybersecurity space. 

What the skills gap means for recruiters and candidates

For recruiters like us, this skills gap is a challenge. Not only is there a serious scarcity of homegrown cybersecurity talent, but also a decrease in the number of overseas candidates. 

While in previous years we have helped to place large numbers of Indian and Australian candidates in UK roles, these numbers have fallen as both countries have bolstered their own cybersecurity markets. Cybersecurity is a serious concern the world over – and with India drafting a new Personal Data Protection Bill and the Australian federal government introducing a brand new cybersecurity strategy, homegrown opportunities and salaries are on the rise.

The candidates we do place have a very different experience to when the industry was in its infancy. Gone are the days of waiting patiently for new cybersecurity roles to become available – now, most candidates will have six to eight different roles available to choose from. 

This all means that it’s more important than ever for recruiters to gain a full understanding and awareness of the reasons why people are looking for a new role. The skills gap means that money is no longer the driving factor for a change of role: a good cybersecurity candidate can easily command a sizeable salary wherever they go. 

Instead, we focus on exactly what else a candidate is looking to get out of a move: what they are looking for, and why they are looking for a change. This could include things like a more suitable company culture, an improved work/life balance, a more challenging role, a different environment or a different tech stack. Once we have this understanding, we can find each and every candidate the perfect role for them. 

The presence of the cybersecurity skills gap is undeniable: with 2021 set to bring with it an incredible 3.5 million unfilled roles within the industry, things need to change. Whether it’s making young people more aware of the industry’s opportunities, improving access to cybersecurity training and qualifications, incentivising overseas candidates to consider a UK move or working to reskill existing IT professionals, it’s vital that we work together as an industry to plug the gaps to ensure a safe and secure future. 

Looking for your next cybersecurity move? Take a look at our current roles – and find out how we put our candidates at the heart of everything we do.  


Join the cluster today!

Enjoy all the benefits being a member brings and complete the registration form here.

Join the cluster here
For more information on the stc please contact us

01327 856108

Send us a message
Founding Members: