The document analyzes trends and challenges in the cybersecurity job market, revealing that while demand for cybersecurity positions has returned to pre-pandemic levels, there are persistent skills gaps and shortages in the sector. COVID-19 has led to increased workloads and evolving skill requirements, necessitating more specialized knowledge across various roles. Additionally, the document highlights an understanding gap among non-cyber businesses regarding their training needs and the barriers to filling vacancies in the cybersecurity workforce.

1. Bridging the gap:
cyber security skills
June 2021
Jayesh Navin Shah, Ipsos MORI
Sam Donaldson, Perspective Economics

2. SC Annual Digital Congress: bridging the gap | June 2021 | Version 1 | PUBLIC
2
Content analysis of cyber
security job postings
48,763 job postings on the
Burning Glass database
Systematic typology to define
core cyber roles
Covers 18 months from
Jul 2019 to Dec 2020
Representative surveys of
cyber sector firms
c.1,500 UK firms in sector
Data collected across 2
telephone surveys
262 firms surveyed
from May to Jul 2020
171 firms from Aug to Oct 2020
Qualitative interviews with
cyber firms and team heads
From Sep to Oct 2020
8 cyber team heads in
very large organisations
9 skills and recruitment
leads in cyber sector firms
6 recruitment agents

3. SC Annual Digital Congress: bridging the gap | June 2021 |
Version 1 | PUBLIC
Changing
demands

4. SC Annual Digital Congress: bridging the gap | June 2021 | Version 1 | PUBLIC
4
Demand for cyber jobs reverted back
to pre-lockdown levels by Autumn 2020
Source: Burning Glass Technologies
Bases: 48,763 core online cyber postings from July 2019 to December 2020; 1,015,633 across all digital sectors
89 88
66
99
104
65
109
92
100
67
74
80
90
103
96
114
104 108
40
50
60
70
80
90
100
110
120
130
Jul
19
Aug
19
Sep
19
Oct
19
Nov
19
Dec
19
Jan
20
Feb
20
Mar
20
Apr
20
May
20
Jun
20
Jul
20
Aug
20
Sep
20
Oct
20
Nov
20
Dec
20
Job postings across all digital sectors
Index score
All core cyber job postings
March 2020 lockdown

5. SC Annual Digital Congress: bridging the gap | June 2021 | Version 1 | PUBLIC
5
But COVID-19 has had lasting and inconsistent
impacts on cyber skills
• Increased workloads and greater
pressure on cyber teams
• Challenges training and shadowing
colleagues in a virtual environment
• New opportunities to engage board
members, and argue for extra
investment in training and personnel
• A bigger talent pool available in the
short term
There is no doubt that the threat
level has gone up. Services are
more pressurised. They are more
focused on trying to deal with the
demand that is placed on them.
They are more fragile to an incident.
Non-cyber sector business
SC Annual Digital Congress: bridging the gap | June 2021 | Version 1 | PUBLIC
5

6. SC Annual Digital Congress: bridging the gap | June 2021 | Version 1 | PUBLIC
6
This is alongside a broader evolution of skills needs
The entry point for cyber
roles is going up. You
have to become more
and more skilled to get a
foot on the ladder. A lot
of technology solutions
are replacing some of
those entry roles.
Cyber sector business
• Roles becoming more
fragmented
• Growing automation leading to
higher entry-level requirements
• Shifts away from traditional
software engineering, e.g. to
data analytics skills
• Specific growing skills needs,
e.g. cloud, AI, DevSecOps

7. SC Annual Digital Congress: bridging the gap | June 2021 | Version 1 | PUBLIC
7
There are still skills gaps, affecting several specialist
cyber security roles
Bases: 262 cyber sector businesses; 123 identifying any skills gap
% of cyber firms saying the following
prevent them meeting business goals
47%
job applicants/existing employees
lacking necessary technical skills
(vs. 64% in 2020)
31%
employees lacking communication,
leadership or management skills
41%
37%
36%
32%
31%
22%
21%
19%
Business resilience
Assurance, audits, compliance or testing
Incident management, investigation or digital forensics
Cyber security research
Threat assessment or information risk management
Cyber security governance and management
Implementing secure systems
Operational security management

8. SC Annual Digital Congress: bridging the gap | June 2021 | Version 1 | PUBLIC
8
And still skills shortages, where cyber sector
businesses identify specific vacancies as hard to fill
Bases: 171 cyber sector businesses; 46 that have had hard-to-fill vacancies since the start of 2019
37%
of all vacancies for cyber roles
in the last three years have
been considered “hard-to-fill”
48%
35%
30%
28%
24%
24%
Lack of work experience
Lack of technical skills or knowledge
Candidates lacking required attitude or motivation
Lack of soft skills
Low pay or benefits
Lack of qualifications

9. SC Annual Digital Congress: bridging the gap | June 2021 |
Version 1 | PUBLIC
The
understanding
gap

10. SC Annual Digital Congress: bridging the gap | June 2021 | Version 1 | PUBLIC
10
Outside the cyber sector, the proportion
of businesses that say they understand their cyber
training needs “very well” is relatively low
Bases: 965 businesses; 220 charities; 76 public sector organisations; 171 cyber sector businesses
Unlabelled bars are under 3%.
Businesses
Fairly well
Very well Not very well Not at all well Don’t know
Charities
Public
sector
Cyber sector 65%
22%
20%
16%
32%
56%
36%
46%
20%
21%
26%
18%
10%
5%

11. SC Annual Digital Congress: bridging the gap | June 2021 | Version 1 | PUBLIC
11
I don't know
what you do,
but I’ve been
told I need you.
SC Annual Digital Congress: bridging the gap | June 2021 | Version 1 | PUBLIC
11

12. SC Annual Digital Congress: bridging the gap | June 2021 | Version 1 | PUBLIC
12
• Job postings can often end up having
unrealistic requirements
• Not understanding the balance of
technical and GRC skills truly needed
• Recruitment agents suggest a need
to educate hiring managers
SC Annual Digital Congress: bridging the gap | June 2021 | Version 1 | PUBLIC
12

13. SC Annual Digital Congress: bridging the gap | June 2021 | Version 1 | PUBLIC
13
Cyber leads across all sectors continue to lack
awareness of workforce diversity issues
Bases: c.160 cyber sector businesses for all-grade workforce estimate; c.130 for senior workforce estimates
(in each case excluding those that were not able to answer these questions, or refused)
Senior cyber sector workforce (typically with 6+ years of experience)
Cyber sector workforce (all grades)
Digital sector workforce
All UK workforce
16%
3%
29%
48%
17%
3%
16% 13% 9%
1%
11% 14% 10%
2%
Female Ethnic minorities Disabled people Neurodivergent

14. SC Annual Digital Congress: bridging the gap | June 2021 |
Version 1 | PUBLIC
Making the
most of your
resources

15. SC Annual Digital Congress: bridging the gap | June 2021 | Version 1 | PUBLIC
15
Among the 47% of cyber sector businesses that had
tried to recruit, existing networks were among the
most common recruitment channels
Base: 81 cyber sector businesses that have had vacancies in cyber roles since the start of 2019
Only specific categories mentioned by 10% or more shown.
35%
33%
27%
25%
16%
12%
11%
Generalist recruitment website
Generalist recruitment agency
Partnerships with universities
Own website
Social networks (e.g. LinkedIn)
Specialist cyber recruitment agency
Word-of-mouth recommendations

16. SC Annual Digital Congress: bridging the gap | June 2021 | Version 1 | PUBLIC
16
• Demand for cyber skills has already returned to pre-pandemic levels
• COVID-19 has highlighted the need to ensure cyber teams are sufficiently
resourced, and may have temporarily increased the talent pool
• Skills needs are becoming more specialised and there are still skills gaps
and shortages
• There is also an understanding gap
• A mix of possible solutions, around education and awareness raising, giving a
voice to good HR leads and recruitment agents, and expanding networks
Summing up

17. SC Annual Digital Congress: bridging the gap | June 2021 |
Version 1 | PUBLIC
Thank you
jayesh.shah@ipsos.com
sd@perspectiveeconomics.com