The past 18 months have seen one of the most rapid transformations in the way people live, work and communicate in history.
The Covid-19 pandemic unalterably changed both business and personal practices – shifting everything from communication to ecommerce to social lives onto digital platforms.
Yet arm-in-arm with the growth of digital engagement, grew a threat described by the World Economic Forum as one of the top ten risks facing humanity – cybercrime.
The scale of this threat is vast and growing. It is estimated that one small business is hacked every 19 seconds in the UK alone, while 2021 also saw a significant rise in ‘Big Game Hunting’ Ransomware attacks, with the potential power to bring a nation’s infrastructure and healthcare systems to its knees.
Facing off against this mounting threat is the cybersecurity industry – now one of the fastest growing industry sectors around.
Cybersecurity is a huge and fast-expanding industry, with multiple sector verticals. Yet, while it is powered by the IT infrastructure, software and analytical tools used to defend against cyber attacks, at its heart it is an industry driven, and developed, by people.
Cyber professionals who can understand and navigate the constantly changing threat landscape play a huge role in how a cyber attack is managed. Even the best firewall in the world is only as good as the humans who program, maintain and monitor it.
And while there is no doubt that organisations with AI-enhanced cybersecurity systems are better placed to withstand attacks than those without machine-learning systems, there is no substitute for professional human analysts with intuition, creativity and critical decision-making skills.
In fact, having a dedicated cyber incident response team and plan in place is believed to have cut the cost of an average data breach by £1.79million this past year alone.
In this article we will take a look at some of the varied roles available for those working in the fast-paced and dynamic cybersecurity sector, and how the industry is growing and changing.
First, though, we have to start with a warning.
Despite the role cybersecurity professionals play in protecting business assets and facilitating trade and commerce, the sector is facing a critical shortage of experienced talent.
This isn’t a new warning – last year Acumin reported on how this issue was scaling in our 2020 / 2021 Salary Survey report. But the changes described above have brought into sharp focus just how much of a dearth in expertise the sector has.
With an estimated 134,500 employees currently working in the UK cybersecurity sector (47,000 of those working for dedicated cybersecurity companies), the demand for cyber professionals has grown by an average of 14% a year since 2016.
Yet 37% of all UK vacancies for cyber roles since 2019 have been hard to fill. Globally, 61% of organisations say their cyber security teams are understaffed.
In the face of this shortage, half of UK businesses last year reported basic security skills gaps, such as being unable to store personal data securely, while also reporting that 40% of job applicants for cyber roles lacked sufficient technical skills.
In particular, the sector is crying out for specialists in senior management roles, penetration testing and security architecture.
The most common roles currently in demand are security engineers, security analysts, security managers, security architects and security consultants – while the financial, consultancy and insurance sectors, in particular, have reported themselves in need of cyber talent.
In terms of in-demand skills; network engineering, risk management, cryptography, programming, and an understanding of operating systems and virtualisation, all feature highly in vacancies this year.
Amidst these shortages, the cybersecurity sector is also in flux. In the past, the role of cyber security professionals was mostly reactive, with the aim of dealing with a threat as quickly as possible. For this, a technical knowledge of IT infrastructure was paramount.
However in today’s world, digitalisation – and the rise of edge computing and the IoT – have massively expanded the attack surface for cyber criminals to exploit – and with that has come the need for employees with wider skill sets.
For example, cybersecurity ‘needs’ have ballooned with the requirement to increasingly secure mobile devices, cloud environments and third parties. Combined with an increase in ransomware attacks and a growing role for cybersecurity staff to build resilience into the digital products of the future, it has become ever-more important for cyber professionals to have more proactive skills as well.
Anticipating what attackers will do before they do it, finding vulnerabilities in enterprise code, and having a cyber team able to conduct regular employee training on cyber issues (such as how to recognise phishing emails) are among the vital skillsets for today’s cyber workers.
And while the role of the CISO at the pinnacle of enterprise cybersecurity has matured – boards now increasingly rely on them as part of business continuity and risk management planning – the breadth of the industry has also grown.
For example, small and medium-sized businesses are clamouring for more cybersecurity support amid rocketing ransomware attacks. As enterprise businesses get better at protecting themselves, and as attacking tools proliferate and drop in price on the darkweb, SMB’s have become attractive new targets for attackers.
Collectively, then, what the sector is seeing is an employee’s market. Salaries across the sector are growing, candidates are more able to dictate their terms (such as working from home) and are switching roles faster.
Specialist roles such as DevSecOps jobs last year saw salary increases of around 9% for a typical candidate, with senior DevSecOps staff commanding a 33% increase in the two years up to 2020.
Combined with this is the growing shortfall in cyber talent. In a March 2021 report by The UK Government’s Department for Digital, Culture, Media and Sport, it was estimated that there are approximately 7,500 people entering into a cyber security career each year (including 4,000 university graduates and 1,000 entering into apprenticeships).
But with an estimated 17,500 cyber workers needed annually to meet demand and replace lost workers, there is an estimated annual shortfall of 10,000 people – for the UK alone!
What’s even more worrying is that, in reality, the UK is in quite good shape. As the New York Times reported last year, it is estimated there is, globally, a talent shortage of around 3.5m people – all needed to help protect the global digital economy 24 / 7/ 365!
Cybersecurity – protecting organisations, charities and individuals against the scourge of cybercrime – is an increasingly critical part of the world’s socio-economic development.
There has never been a better time to move into this fascinating sector, or begin training. The opportunity for jobs will continue, as will the challenges and innovation that today’s digital working environment require.
Technology itself is only part of the solution. At the absolute vanguard of this sector are the cybersecurity professionals with the creativity and breadth of skills to drive it into the future.
Send us your CV and have our recruiters match you to the ideal opportunities
Do you already have an account with us?
Log inWant to have an account with us?
RegisterWant to just send us your CV?
By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.