Credit: Biljana Jovanovic/Pixabay

There is an opportunity for the UK to become a "world leader" in closing the gaps in cybersecurity employment, according to a new report which outlines how governments and businesses are struggling globally to keep up with rapid changes in technology.

A report by the Royal United Services Institute (RUSI) international security and defence think tank has reviewed the recent cybersecurity legislation and regulations of the UK, the US, Canada, Singapore, Japan, and the EU – seen as the six major jurisdictions in the world.

The RUSI, which launched the report last week, identified a worldwide shortage of cybersecurity personnel, with governments competing globally for skills. 

Describing the UK as “a highly capable cyber state” with an ambitious national goal of becoming a “cyberpower”, the report highlighted the UK’s “whole of society approach” to cyber policy which links cyber strategy to education, industry, and foreign policy. 

Clare Rosso, CEO of (ISC)² – a non-profit organisation which sponsored the report by RUSI and specialises in the training of cybersecurity professionals – told PublicTechnology sister publication PoliticsHome that there is an opportunity for the UK to become a "world leader" in this area but it must share its best practices "openly and transparently" to ensure international cooperation.

Related content

• Government’s cyber plan delivers ‘a complete revolution in how we provide assurance’
• EXCL: Government red team security unit to test departmental defences with hostile reconnaissance
• Cabinet Office invests in ‘honeypot’ cyber traps to help protect network

“We think this is an opportunity to be a world leader," she said. "The UK can help to be a leading voice in the global standardisation of best practice.”

In March 2021, the then Department for Digital, Culture, Media and Sport set up the UK Cyber Security Council as a new independent body to oversee the UK government’s plan to "make Britain secure and resilient in cyberspace".

Describing this as an example of where the UK has excelled in cyber strategy, Rosso said any findings from the council should be "openly and transparently shared” with other nations to boost international cooperation in the industry, and also stressed that diversity in recruitment is important.

"Cyberthreats are rapidly evolving," Rosso said. "As a nation, you will be more successful at problem solving with a diverse team doing that problem solving.”

She emphasised the need to improve skills “at a huge scale” and that nations such as the UK need to think about how they will train "hundreds and thousands" of individuals in this area in the near future. 

Diverse workforce
To achieve the UK government's cyber goals, the report outlined that a more “diverse and technically skilled workforce” is needed in the industry, which goes beyond gender imbalance and also addresses the need for greater regional diversity.

London and the southeast of England employ nearly half of all UK cybersecurity professionals, so the UK government has funded 12 ‘cyber clusters’ across England, Wales, Scotland and Northern Ireland, to encourage cooperation between local private and public sectors. 

The report recognised that recent trends and global events, such as the Covid-19 pandemic and increased digitisation, have caused an imbalance in the number of workers needed to fulfil the skills in the cyber industry. 

Governments across the world have introduced a range of initiatives to respond to such shortages, but the report highlighted that there is a lack of research on whether these schemes are effective, particularly on how to reduce gaps between education and the demands of industry.

The RUSI report also found that across the world, there has been a trend towards more interventionist policies rather than voluntary standards for tech firms, citing the UK’s 2016-2021 cyber strategy as an example of this.

Calling for international cooperation on cyber regulation that is “proactive rather than reactive”, the RUSI warned that without international guidelines, tech firms could enter markets with a "wild west" mentality.

The report stated that cyber threats can only be tackled internationally as they operate “without borders”.

It also highlighted a broader theme that big tech must take a big role in cyber security ecosystems, with a need for firms like Meta and TikTok to be transparent about their security and privacy efforts.

A wide range of threats facing the UK were identified in the National Cyber Security Centre’s 2022 Annual Review, including ransomware attacks and other types of cybercrime, and threats posed by state actors in cyberspace.

Science, Innovation and Technology Michelle Donelan said: "Protecting the UK's digital economy is our top priority, which is why our National Cyber Strategy, backed by £2.6billion, has a clear focus on deterring and disrupting cyber adversaries, protecting supply chains and infrastructure and advancing the secure use of digital technologies. This comes on top of action to strengthen our cyber security laws, which includes world-first legislation to protect consumers' 'smart' devices."