The UK has always sought to position itself as a tech innovator and by the end of last year our tech industry seemed to have bucked the economic trend generating a combined market value of a trillion dollars. The future, however, doesn’t look as bright. Results from the Global Skills Report 2023 shows the country slid down the global skills proficiency ratings from 38th place last year to 64th place this year, revealing a dramatic drop in the tech capabilities of the workforce.

The study found that while Europe is the leading continent for business skills and second for technology and data skills, the UK trailed, with 42% proficient in data skills, 31% in technology and 51% in data skills. Within the lowest scoring technology category, there was a worrying lack of investment in software engineering (23%) and security engineering (33%) (the latter included those who work in cybersecurity). There was also a disproportionate investment in investment management, risk management and fintech in business and mathematical studies, user experience and data structures in the technology field, indicating that people are upskilling in the wrong disciplines relevant to demand.

Yet what the study primarily reveals is a worrying lack of investment in the skills that the UK needs to be economically competitive. The lack of technology training in particular gives cause for concern due to cumulative skills shortages in cybersecurity. In the latest Cyber Security Skills in the UK Labour Market 2023 report, the forecast is for 7,000 new entrants to enter the profession and 4,700 to leave. Allowing for growth in the market, 13,500 new entrants are required which minus those leaving gives an annual shortfall of 11,100 year-on-year. This means the situation is set to worsen.

Short-sighted attitudes to training

So why has the UK slid down the digital league table and what steps do we need to take to reverse the trend? Part of the problem is down to the fact there is insufficient training to enable the workforce to keep pace with changing demands in the digital world. For example, the report found that 67% view AI as an essential skill going forward and yet there’s little provision being made to get people up to speed on the technology.

There’s also not been enough support for those looking to upskill or change careers into sectors. The World Economic Forum Future of Jobs report found over 60% of workers will need retraining between now and 2027 but there’s little evidence of that happening because the contracting economy is exacerbating the situation. Employers are reluctant to invest in on-the-job training and vendor certification programs because they perceive tech staff to be a high flight risk.

However, a reluctance to invest in staff simply fuels a transient labour market, with staff more likely to leave if they don’t receive the support and career progression they need. The (ISC)2 Cybersecurity Workforce survey found candidates took certifications to improve skills (64 percent) or to stay up-to-date with current trends (53 percent) and only 15 percent took a certification in order to apply for a job outside the organisation. It found that twice as many people would prefer an internal promotion over getting a new job. Going forward, we therefore need to be much more proactive about identifying emerging skill sets and supporting learning and career progression.

But the problem remains of how do you focus that upskilling? How do you identify where you’ll need additional resource? Using the cybersecurity sector as a testbed for how we can anticipate, define and channel talent could allow us to develop a blueprint for how to solve digital skills shortages.

Rapid evolution results in a confused market

Cybersecurity acts as a great example of how skills can rapidly develop leading roles to then emerge and evolve over time. Take, for example, cloud security or zero trust which are both now in high demand. However, there’s no consensus over which roles should be associated with those skills and this can cause confusion in the marketplace. You’ll often find companies recruiting for the same job but they associate different skill set with the role, for instance.

A lack of definition then leads to poorly targeted job descriptions, candidates with the wrong skillsets being sent for interview and makes workforce planning to prevent skills shortages very difficult to carry out. For this reason, many countries have now devised career frameworks which act as a recipe card for roles, outlining the skills related to each.

The oldest of these is the National Initiative for Cybersecurity Education (NICE) from NIST which was developed for federal cybersecurity employees in the US while the most recent is the European Cybersecurity Skills Framework (ECSF) which was rolled out across the continent by Enisa in September. Here in the UK, the UK Cyber Security Council is currently rolling out its Cyber Career Framework. This covers 16 specialisms and maps not just skills but knowledge, qualifications, responsibilities and elements of working life including salary bands and is expected to be completed by 2025.

What we now need to see happen is for employers, recruiters and candidates as well as educational establishments to get behind the framework to help restructure the market. Defining the skills associated with specific roles will then bring some much-needed clarity to the sector and make it easier for businesses to identify and recruit to fill their skills gaps and for candidates to upskill using the right qualifications for where they want to go.

As a business, push for your HR team and security teams to use the careers framework to:

  • Carry out workplace mapping
  • Build job descriptions for recruitment
  • Encourage employees in non-security roles with transferable skill sets to fill skills gaps
  • Create career progression plans
  • Guide investment in training

But there’s no reason why it needs to end there. These frameworks could also be used together with other studies to anticipate and plan for future demand. Another category could be added within the sixteen career specialisms that recognises potential skills relevant to that discipline in the future, for example, such as AI prompting among coders. In this way the career framework could also help prevent future skills crises such as the one we’ve seen in cybersecurity by helping careers evolve in line with skillset demands.

Going forward, there’s little doubt that we need to get better at predicting and channelling training if we are to avoid a further decline in digital skills. Initiatives such as career frameworks are therefore going to become vital in targeting those efforts and in ensuring the business chooses wisely when taking on candidates and investing in their future.

Jamal Elmellas, Chief Operating Officer, Focus on Security
Chief Operating Officer at Focus on Security | + posts

Jamal Elmellas is Chief Operating Officer at Focus on Security, the cyber security recruitment agency, where he is responsible for delivering an effective and efficient selection and recruitment service. He has specific expertise in and is adept at designing and delivering secure, scalable and functional ICT services.

Prior to joining Focus on Security, Jamal built a successful Security consultancy and undertook the role of CTO. He was responsible for delivering secure ICT services for both government and private sectors. He has also fulfilled the role of Lead Security Architect and Assurance practitioner within sensitive government departments and blue organisations.

Jamal has almost 20 years’ experience in the field and is an ex CLAS consultant, Cisco and Checkpoint certified practitioner.