From the perspective of a tech recruitment consultancy, cyber security recruitment in the UK has changed significantly over the past few years. A strong pipeline of cyber security candidates is now a difficult commodity to come by, with many companies struggling to find the right people for their roles. In this blog, we’ll explore the challenges and opportunities in cybersecurity recruitment in the UK and how to navigate them.
The Current State of Cybersecurity Talent in the UK
The UK is one of the global leaders in cybersecurity innovation, with a robust cybersecurity industry and a growing number of employees in the field. According to a report by Ipsos MORI, the UK cyber security industry employs over 50,000 people, an increase of nearly 13 per cent compared to 2020.
This growth is because cybersecurity has rapidly become one of the highest priorities for all businesses of all sizes. Recognising the importance of cybersecurity to the success of an increasingly digitalised UK business landscape, the UK government announced plans to invest £1.9 billion into improving it over the next five years.
It’s unsurprising, therefore, that the government’s Cyber Security Breaches Survey 2022 found that around four in five (82%) of boards or senior management within UK businesses rate cyber security as a ‘very high’ or ‘fairly high’ priority, an increase on 77% in 2021.
This level of focus is reflected in the fact that British companies’ cyber security budgets accounted for 20% of the total IT budget in 2021, increasing by eight percentage points compared to 2020.
All this growth means cybersecurity recruitment is a hot market in the UK – but with exponential growth comes some equally exponential challenges.
The key challenges in the Cybersecurity talent market
The most fundamental challenge in Cybersecurity recruitment in the UK is the much-maligned skills gap. This is only set to get worse as demand for new talent continues to grow. The UK government predicts that by 2022 there will be more than 150,000 unfilled jobs in cybersecurity; that’s almost four times as many as there are today.
According to the research, amongst businesses that tried to recruit cybersecurity professionals in the past three years, 35% have struggled. In most cases, this was due to a lack of technical skills, but almost as many applicants were found to be lacking the soft skills necessary, particularly for more senior roles.
The skills gap creates challenges for both sides. The obvious one is that employers are finding it increasingly difficult to hire qualified candidates. The less obvious impact on cybersecurity professionals is that they are under huge pressure to perform over and above their pay grade to keep up with demands. This leads to burnout, high attrition rates and a vicious cycle that’s difficult to break.
Access to professional development is another key challenge for UK Cybersecurity talent
Given how fast the cybersecurity landscape changes, it’s unsurprising that keeping up with it isn’t easy. Professionals must develop new specialist knowledge that takes time to develop.
The rapid growth in cybersecurity and the urgent recruitment response left the market depleted of available skilled talent – but this is compounded by the fact that education and training have not kept up with the pace of change.
There are many reasons for this. The first is that through financially uncertain periods, the reduction or cutting of budgets for non-profit and revenue-related items has significantly impeded investment in cybersecurity training. Also, historically businesses have relied on hiring-in talent to stay up-to-date with the latest threats and vulnerabilities. Naturally, they increase recruitment budgets ahead of staff development budgets.
The second is productivity. Where there are already personnel shortages, and cybersecurity professionals are under pressure, where does the time come from for continued professional development? This predicament does, of course, exacerbate the issue. Where staff are under-educated and under-resourced, we know engagement and performance suffer.
The third clear reason behind a lack of investment in continued cybersecurity training and education is a shortage of skilled trainers and educators in the field. Also, there’s a lack of standardisation in cybersecurity education and training. This makes it tricky for organisations to choose the right programmes and training providers, leading to confusion and a lack of confidence in their quality.
UK Cybersecurity Opportunities: Finding the Right Cybersecurity Talent
This isn’t just a plug, but finding the right IT recruitment consultant with a proven cybersecurity specialism can help massively. An experienced recruitment consultant has a deep understanding of the cybersecurity industry and can help businesses to identify and attract top cybersecurity talent, even during the skills gap crisis. We have access to a vast network of candidates and can leverage our expertise in the recruitment process to find the right fit for your business.
There’s a common issue within cybersecurity where candidates (understanding the state of the market) are chancing their arms, frequently applying for roles they don’t have the skills and experience to perform in, and exaggerating their expertise and experience on CVs.
Working with an experienced recruitment consultant helps overcome this issue. Not only do we have close relationships with a vast array of cybersecurity employers and knowledge of major movers and shakers, but we also have long-term relationships with candidates. Very often we follow them through their careers, negotiating all their major career moves for them. There’s no way to pull a fast one on someone who knows the market inside out.
Do what we do – build your network
We know it’s 2023, but personal networking has got personal again. If you don’t find what you’re looking for online, try attending in-person conferences, events and seminars to build your professional network.
Part of our roles as cybersecurity recruiters is being out there in the market, meeting people and building relationships. We have a huge network of cybersecurity professionals who trust us to represent them in the recruitment process. As a result, our clients get access to some of the best talent out there. But nothing is stopping you from casting your net out there in the same waters.
As employers grapple with the massive shortage of cybersecurity talent, many experts claim that the missing piece is more entry-level positions. This advice comes with the caveat that there must be equal focus on providing access to continued professional development and growing your own talent to ensure you build your own cybersecurity talent ecosystem.
Not only would increasing the focus on hiring into entry-level positions help address the skills gap, but it would also help the industry address the equally important issue of lack of diversity in cybersecurity.
In the UK, we have a long way to go before we can call ourselves an inclusive environment for cybersecurity talent. In fact, according to the Information Commissioner’s Office (ICO), only 15% of IT professionals are female and just 6% are from BAME backgrounds.
Research has shown that diverse teams are more attractive to potential candidates and experience increased retention. For example, a study by Microsoft found that having a diverse team was essential for attracting and retaining the best talent – increasing the diversity of your team increases the diversity of thought, perspective and experience.
An exciting future for Cybersecurity talent
In summary, it’s clear that cybersecurity talent is in high demand and short supply. This has led to a situation where businesses are struggling to hire the right people for their roles, while many professionals feel undervalued and underpaid. The answers are not quick, or easy – but it’s clear that with careful consideration, the future of cybersecurity in the UK is bright.
We’ve been instrumental in matching up more cybersecurity talent with cybersecurity employers than ever in the past few years and would love to help find your perfect match. But don’t just take our word for it that we’re the right consultants for the job – take a look at what our clients and candidates have to say.