A new report from cybersecurity professional services provider RiverSafe reveals that a staggering 87 per cent of Chief Information Security Officers (CISOs) in the UK are grappling with a critical cyber skills gap. The study, titled “Underfunded and Under Reported: Threats, Breaches, and Budgets,” surveyed 250 UK CISOs through Censuswide, highlighting the severe shortage of cybersecurity expertise within organisations.
The National Cyber Security Centre (NCSC) and the UK Government have been striving to address this issue through various initiatives. The ‘CyberFirst’ programme, designed by the NCSC, introduces young people aged 11-17 to the dynamic field of cybersecurity. Additionally, the government launched the ‘Cyber Explorers’ scheme last year, targeting 11-14-year-olds with a free learning platform aimed at equipping them with essential cyber skills. These initiatives form part of the government’s £2.6 billion National Cyber Strategy, which focuses on enhancing cybersecurity skills across all levels.
Despite these efforts, the report reveals that 83 per cent of CISOs believe their organisations are still vulnerable due to the widening skills gap. Alarmingly, only 39 per cent of CISOs have made closing this gap a priority for 2024. The lack of investment in hiring and training dedicated cybersecurity staff is a significant concern, with 60 per cent of CISOs stating that it drains too many resources, making it a lower priority. This underinvestment is poised to exacerbate the skills gap further.
The situation is compounded by the fact that two-thirds (63 per cent) of CISOs admit their organisations lack sufficient visibility over devices, networks, and applications. This deficiency hampers their ability to manage cyber threats effectively, especially given the skills shortage. Although 32 per cent of CISOs report that their organisations have a Security Operation Centre (SOC) team, a notable 72 per cent rely on AI as part of their cybersecurity defence. This trend indicates a significant shift towards AI and automation, potentially at the expense of developing human-operated skills.
Suid Adeyanju, CEO of RiverSafe, emphasised the importance of addressing this gap: “It is essential that CISOs prioritise closing the cyber gap to safeguard their organisations in an era of heightened threats. As cyber-attacks become increasingly complex, especially with the rise of AI, proactive measures are crucial to protect sensitive data and assets.”
Adeyanju acknowledged the dual-edged nature of AI development: “AI is rapidly becoming integral to business operations, offering numerous benefits. However, it also presents security challenges, particularly regarding oversight of devices and applications. Ultimately, cybersecurity and cybercrime are still conducted by people. Security teams must not lose sight of investing in human expertise, even in an era dominated by AI and automation.”
The report underscores a pressing need for a balanced approach that integrates AI advancements with the development of skilled cybersecurity professionals. As cyber threats continue to evolve, the focus must remain on building robust defences that combine technological innovation with human expertise. Without addressing the critical cyber skills gap, organisations risk being ill-prepared to face the increasingly sophisticated landscape of cyber threats.
For more information, visit RiverSafe’s website or refer to the full report “Underfunded and Under Reported: Threats, Breaches, and Budgets.”