The UK Government suffers from a major shortage of cybersecurity experts, putting critical services at high risk of cyber-attacks, a new report from the Parliament’s Public Accounts Committee (PAC) has found.
The Committee revealed a major digital skills shortage in the civil service, which has under half the number of digital, data and tech professionals it requires. Currently, the proportion of these workers in government is around 4.5%, which compares to an equivalent industry average of between 8% and 12%.
The PAC’s inquiry heard of “particular shortages” of cybersecurity experts in the UK government, whose skills command a “premium.”
Dame Meg Hillier MP, Chair of the PAC, said the lack of cyber expertise in the service “should send a chill down the government’s spine.”
This digital skills shortage is also hindering the government’s ability to upgrade and address its highest-risk legacy systems.
The figures correspond with findings from the UK Government’s Cyber Security Skills in the UK Labour Market 2023 report, published in July 2023, which found that 50% of UK businesses have a basic cybersecurity skills gap, and 33% an advanced cybersecurity skills gap.
Commenting on the PAC report, Professor Richard Benham, government cybersecurity advisor and leading academic within cybersecurity said the findings were particularly alarming amid the rise of advanced technologies.
“The pace of AI and quantum computing, along with tech bio-engineering, means what we define as human will change, and the digital revolution will bring rapid challenges. The government needs cyber experts, and these will be futurists who understand the ripple of impacts on every part of our lives, helping us to get it right first time,” he explained.
“What is scary is that there are so few leaders in this field. When people find out I was the first Professor of Cyber Security Management just 12 years ago, they see how important the sector has become,” added Benham.
Factors for the Skills Shortage
The PAC inquiry heard that civil service pay constraints mean government departments are unable to compete with the private sector in hard-to-recruit roles, such as cybersecurity.
Additionally, it reported that some of the digital skills shortages are “self-inflicted,” with staffing cuts meaning the digital headcount has been rationed in government departments.
Another notable finding was that the requirement for senior generalist leaders to have a better understanding of digital business has not been formalized in the civil service.
Therefore, the PAC recommended that digital responsibilities, such as improving digital services and addressing the highest-risk legacy systems, should be included in letters of appointment at the most senior levels in all departments.