August 6, 2014 10:04 am

Skills gap leaves UK vulnerable to cyber attack, says business

Cyber crime security ID©Dreamstime

Cyber crime security ID

Business chiefs have warned that a skills gap is leaving the UK vulnerable to cyber attack, as statistics show that fewer than 0.6 per cent of recent graduates are working in cyber security.

The quality of computer science degree programmes is being blamed, with industry leaders stating that graduates are ill-equipped for the modern workplace as they have studied little in the area of cyber security, which constitutes less than 5 per cent of degree credits in some institutions.

An analysis of government statistics on students leaving higher education in 2012-13 conducted by the International Information Systems Security Certification Consortium, an industry body, showed the number of computing science first degree graduates in employment was 7,635, of which just 0.6 per cent were in cyber security roles.

“The majority of graduates coming out of UK computer science and computing departments have not spent the necessary amount of time with the basic principles that govern information security and risk management,” said Dr Yiannis Pavlosoglou, risk and security specialist at UBS, bemoaning the UK’s “large and ever widening” cyber skills gap.

Many computer science graduates have “only done one module on information security”, said Derrick Bates, senior information security officer for the North Cumbria University Hospitals NHS Trust, adding that courses were “great at teaching how to create data but now to protect it”.

“It is like building a house without locks,” he said. “What is the point in universities turning out great software developers and web designers if they have no idea how to design them securely?”

He added that computing graduates who were poorly trained in data security were a risk to their own organisations.

“Under-skilled IT staff in one department can be a gateway for hackers to get into the rest of the organisation,” he said. “At the NHS, I have seen poor practices by junior staff in everything from handling memory sticks to data disposal. NHS Surrey was recently fined after staff disposed of an old computer without checking the 2,900 patient records had been deleted.”

FT Special Report

Cyber security

illustration for Cybersecurity 2013 special report by Chris Tosic

From viruses to hacking, we examine the dangers that can bedevil business IT

Further reading

Dr Adrian Davis, European director of IISSCC, said: “The professional community is increasingly reporting that UK computing graduates do not have any advantage over graduates from other subject areas.”

GCHQ, the UK’s electronic spy agency, gave its stamp of approval to six masters degrees in online security last week in an effort to address the skills gap and combat rising levels of cyber crime.

The six accredited courses include modules in “ethical hacking”, where students attempt to break into systems to learn how to defend them, as well as digital forensics to identify precisely what data have been compromised in a cyber attack.

“You can’t teach students to defend systems if they don’t know how they’re attacked,” said Awais Rashid, director of security at Lancaster University’s security research centre, which offers a GCHQ-accredited MSc in cyber security.

Copyright The Financial Times Limited 2015. You may share using our article tools.
Please don't cut articles from and redistribute by email or post to the web.


Sign up for email briefings to stay up to date on topics you are interested in