Demand for cyber-security professionals in the UK shot up 58% last year, while the shortfall of available personnel has more than tripled, according to a DCMS cyber-security labour market report.
In 2021 UK businesses advertised 53,144 core cyber roles and 100,048 “cyber-enabled” roles – where cyber-security makes up part but not all of the job description. These figures were increases of 58% and 66% respectively over 2020.
“The demand for cyber security professionals has increased significantly in 2021. This continues and surpasses the post-pandemic recovery in demand seen in autumn 2020,” said the cyber security skills in the UK labour market 2022 report.
“Employers and recruitment agents consider the cyber security labour market an increasingly candidate-driven market, with a greater average number of vacancies per firm this year, and a greater proportion of these vacancies being hard to fill.”
Follow The Stack on LinkedIn
The report estimates the UK’s cyber-security workforce is somewhere between 110,000 and 152,000 strong, with a mid-point estimate of 131,000, putting it around the same size as in 2020. Around 7,500 people entered the workforce, and 4,600 left – while demand increased by 17,000 (13%).
“Taken together, these findings suggest a net annual shortfall of c.14,100 people in 2021. This is an increase of c.4,100 from the 2020 estimate,” said the report.
The DCMS report noted the findings of the 2021 ISC2 Cybersecurity Workforce Study, which found the UK cyber-security workforce to be around 301,000, with a shortfall of 33,000. While the overall figures are different, the relative shortfall – 10.8% vs 11% – is comparable.
Other metrics backed up the strongly increased demand for cyber-security professionals, according to the report.
“More than half of all cyber sector businesses (53%) have tried to recruit someone in a cyber role since the beginning of 2020. While this is similar to the previous year’s result (47%), it is worth noting that the average (mean) number of vacancies per firm has gone up from 5.2 last year to 6.8 this year,” it said.
Of these vacancies, the research estimated 44% were “hard to fill”, up from 37% in 2020 and 35% in 2019.
Businesses that outsourced cyber-security have better-resourced in-house teams than those which don’t, the research found: “[Sixty per cent] of those that outsource have more than one person responsible, compared to [43%] of those who do not outsource.
“This suggests that outsourcing continues to be used by organisations as a way of expanding their cyber capacity, rather than as a way of replacing their in-house cyber security staff.”
See also: BT’s ‘reverse flywheel’ problem: CDIO inks fresh cloud deal, targets £600m/y legacy IT spend
More than half of UK businesses have a basic cyber-security skills gap, and a third of businesses have more advanced skills gaps, especially around pen testing, the report also showed. These figures are much the same as in previous editions of the research.
Among cyber-security firms specifically, the report found: “Half… (49%) have faced problems with technical cyber security skills gaps in the past 12 months, either among existing staff (20%) or among job applicants (45%). This year (compared to 2021), there are higher skills gaps in the areas of operational security management and implementing secure systems.”
Geographically almost half (48.6%) of cyber-security job postings were in London and the south-east. And the mean advertised salary was £60,100 for a core cyber job posting, up just 1.5% from 2020, with the median salary at £55,000, up 3.7%.
Looking at the sector’s longer-term prospects, the report found a 17% increase in the number of people enrolled in cyber-security courses, and a 7% increase in graduates. Computer science enrolments were up 14%, with graduates up 5%.
“This increase is likely to support the narrowing of the cyber workforce gap in the long run. However, it is still a small increase within the context of known skills gaps across the UK economy,” said the report.
Diversity in the sector improved slightly but still looks woeful: 22% of cyber-security professionals are women (up from 15% in 2020), while 25% are from ethnic minority backgrounds (16% in 2020). Senior roles were less diverse, with only 13% filled by women.
The report surveyed 947 private sector businesses, of which 107 were large businesses, along with 123 public organisations, 211 charities and 224 cyber firms.