Addressing the cyber security skills gapJuly 18th, 2013 by Rob Freeman
Earlier this year, the National Audit Office (NAO) identified the ‘current and future ICT and cyber security skills gap’ as one of six barriers the Government must overcome to successfully deliver its cyber security strategy.
As more and more businesses start to tackle the rising cyber security threat, how can we start to bridge this skills gap?
Start at the top
Raising awareness of the business-critical issues related to cyber security and having the skills to address them at the top of an organisation, seems like a sensible place to start.
Despite the fact that cyber crime cost UK businesses a staggering £21 billion last year, evidence suggests that there is still work to do to raise the profile of cyber security at senior/board level. The recent Boardroom Cyberwatch Survey revealed that:
“While a majority of respondents say their board receives ‘regular’ reports on the status of their organisation’s IT security, 52% say that such reports are received, at best, annually.”
This survey also highlights a need to boost cyber security skills at this level:
“Furthermore, despite cyber-threats potentially impacting many mission-critical aspects of a business, only 30% of respondents say an understanding of current IT security threats is a prerequisite for board-level job candidates.”
Addressing awareness, skills and understanding at the very top, should pave the way to developing and deploying an effective cyber security risk management strategy that incorporates people, processes and technology. The new PAS 555 Cyber Security Risk Governance and Management document defines exactly what cyber security should look like, through a series of clear outcomes. Senior managers responsible for developing this strategy and defining how it can be achieved may consider developing their skills and knowledge on the Cyber Security Risk Management Training Course.
Once a clear strategy has been agreed addressing the remaining skills gaps becomes much easier.
Target your investment in skills development
40% of respondents in the Boardroom Cyberwatch Survey admitted that currently their “company is either making the wrong level of investment in information security or are unsure if their investment is appropriate.” A clear cyber security risk management strategy will give you a framework for making informed investments in staff skills development for the future. The Cyber Security Learning Pathway provides certificated training opportunities, accredited by APMG, IBITGQ and ISACA that will help you address skills gaps across the areas of information security, cyber resilience, service management and IT governance.
Acting now to close the cyber security skills gap in your organisation will put you ahead of your competitors when it comes to assuring your customers, regulators and other stakeholders that you are addressing the cyber security threat. In the long-term this could be a very worthwhile investment when you consider that:
“More than 70% of investors are interested in reviewing public company cyber security practices and almost 80% would likely not consider investing in a company with a history of attacks.” [Source: HBGary report].