Half of businesses lack basic cybersecurity skills

Employers urged to introduce targeted training as a recent report found that many firms are not confident storing personal data, creating firewalls or detecting malware.

Half of UK businesses lack the most basic cybersecurity skills, new government research has revealed, prompting urgent calls for employers to take action. 

The research, conducted by Ipsos Mori on behalf of the Department for Digital, Culture, Media and Sport (DCMS), found 50 per cent of the 965 businesses polled “lacked the confidence” to carry out at least one of a series of basic technical tasks.

These included almost a third (31 per cent) of companies that said they were not confident storing or transferring personal data; a quarter (25 per cent) that were not confident setting up firewalls; and a fifth (20 per cent) that cited detecting and removing malware as an issue.

The government report concluded that these skills gaps were “often exacerbated by perceptions gaps among key decision makers”, including management boards; IT teams that lacked an appreciation for cybersecurity; hiring managers that may not be working as effectively as they could with HR staff; and recruitment agents.

The changes brought about by Covid-19 raise new opportunities to engage senior managers on cybersecurity issues, look at innovative training solutions and broaden recruitment practices to reach an enlarged talent pool,” the report concluded.

In March, the government’s Cyber Security Breaches Survey 2021 showed two in five (39 per cent) UK businesses had experienced cybersecurity breaches or attacks over the past year, costing each firm on average £8,460 (rising to £13,400 for medium to large businesses).

The survey also found only 18 per cent of businesses had a cybersecurity policy on how to use personal devices at work, with less than a quarter (23 per cent) having a cybersecurity policy covering home working, raising concerns the pandemic was putting firms at even greater risk of cyber attacks.