NAO calls on government to address cyber security skills gap
Report praises government steps to tackle cyber crime but wants greater public awareness
The government needs to take steps to close the UK's current and future ICT and cyber security skills gap, according to a report by the National Audit Office (NAO). The NAO estimates that cyber crime costs the UK economy between £18bn and 27bn every year, 80% of which could be prevented through simple computer and network 'hygiene'.
Furthermore, the report, titled "The UK cyber security strategy: Landscape review", found that cyber attacks ranked as one of the top four UK national risks in 2010, with the internet economy now accounting for £121bn, equivalent to 8% of the UK's GDP, a greater share than for any other country in the G20.
The NAO acknowledged that "the UK therefore has one of the most wide-ranging cyber security strategies" and "leads other G20 countries in its ability to withstand cyber attacks and develop a strong digital economy."
However, the report says that the number of ICT and cyber security professionals has not increased in line with the growth of the internet, and claims that this shortage is hampering the UK's ability to protect itself in cyberspace and promote the use of the internet.
In particular, the NAO explained, a key concern is attracting and retaining talent, with the Intelligence and Security Committee recently pointing out that GCHQ finds it difficult to retain internet specialists in the face of private sector competition.
Academics interviewed by the NAO predicted that it could take up to 20 years to address the skills gap that currently exists at all levels of education.
However, the report congratulated the government for setting up initiatives to tackle the skills gap, and in particular praised plans to overhaul ICT teaching in schools to make it "genuinely about computer science rather than office skills", with cyber security expected to be a significant strand of the future GCSE computer science syllabus.
The report said that the government needs to address six key challenges in implementing its cyber security strategy: influencing industry to protect and promote itself and UK plc, addressing the skills gap, increasing awareness so that people are not the weakest link, tackling cybercrime and enforcing the law, getting the government to become more agile and joined-up, and demonstrating value for money.
The NAO said that the government does recognise the risk of a lack of public awareness of how to stay safe online, and plans to continue funding public awareness drives. However, it called for better targeting of campaigns, "particularly those from lower socio-economic groups and those less competent with ICT."
Kable analyst Josh Hewer said, "There are no real surprises in this NAO report- and it highlights the challenge for the government, namely lack of skills and ownerships given the heavy reliance on the private sector. For suppliers, the opportunity is addressing the skills gap facing UK government, as opposed to supplying goods and services. Actions which could benefit government and put suppliers in good standing with departments would include the sharing of best practise and secondments of skilled staff."