The National Audit Office identified a number of key challenges the government faced in “implanting” its cyber security strategy. This included influencing the private sector to protect itself, increasing awareness to stop the public becoming the weakest link, fighting cyber crime and enforcing law, making sure government was joined-in its approach and addressing a cyber security skills gap.
Cyber security and ICT professionals had not grown in number to match the growth of the internet, the NAO reported. “This shortage of ICT skills hampers the UK’s ability to protect itself in cyberspace and promote the use of the internet both now and in the future,” it warned.
Warnings about a cyber skills gap have emerged before. Intelligence agency GCHQ has admitted that it is struggling to retain cyber experts who are drawn to better salaries and rewards in the private sector.
But the NAO said it was not just computing expertise that the UK cyber skills base lacked.
“The skills the UK needs to design and implement cyber security policy are not only technical, there is also a need for psychologists; law enforcers; corporate strategists and risk managers,” it said.
“Other professionals such as lawyers and accountants also need to understand cyber security in order to assess, manage and mitigate the business risk of cyber threats.”
The report from the NAO did recognise that the government’s strategy, which has seen £650m of public money committed to cyber security, had started to deliver benefits. For example the Serious Organised Crime Agency had repatriated more than 2.3 million items of compromised card payment details to the financial sector in the UK and internationally since 2011, preventing a potential economic loss of more than £500m.
But more questions will await the government. Chi Onwurah MP, Labour’s shadow cyber security minister, said the government needed to improve leadership and co-ordination and that it currently had an “ad hoc approach” to cyber.
And Margaret Hodge, who chairs the influential Commons Public Accounts Committee, said MPs would now want to know how the action of the fifteen government organisations involved in delivering the cyber security strategy was being “properly coordinated”.