2022 cyber security skills in the UK labour market

Research aims

This report represents the latest in an annual series of studies to improve their understanding of the current UK cyber security skills labour market. The previous studies were published by DCMS in 2021 (fieldwork in 2020), 2020 (fieldwork in 2019) and 2018.

• Download the report here

This research set out to gather evidence on:

• Current cyber security skills gaps (i.e. where existing employees or job applicants for cyber roles lack particular skills)
• Current skills shortages and the level and type of job roles they affect (i.e. a shortfall in the number of skilled individuals working in or applying for cyber roles)
• The role of training, qualifications, recruitment and outsourcing to fill skills gaps
• Where the cyber security jobs market is active geographically
• The roles being labelled as cyber roles versus ones that are not but require a similar skillset
• The role that recruitment agents play in the cyber security labour market
• Diversity within the cyber sector
• Staff turnover in the cyber sector

Key findings

As this year’s study is a continuation of previous iterations with similar research aims, several headline findings are consistent with previous years’ results. Namely, we continue to observe the prevalence of technical cyber skills gaps within and outside the cyber sector, including an ongoing lack of basic cyber skills among half of all UK businesses. Basic cyber hygiene should remain a priority for businesses across the UK economy.

This year’s study also paints a detailed picture of an evolving cyber security labour market, with a rapid and substantial growth in demand for cyber skills, changes in the ways roles are advertised and recruited, an increasing interest in effective, holistic training approaches to build people’s confidence and skills, and a potentially heightened awareness of workforce diversity issues. With this in mind, the newest insights from this 2022 report are as follows:

• The demand for cyber security professionals has increased significantly in 2021
• The COVID-19 pandemic and resulting changes to working practices continue to bring opportunities and challenges to the cyber security labour market
• There are early-stage indications that the cyber sector is increasingly taking on entry-level staff
• Over the last 3 years, cyber sector firms have evolved their recruitment approaches
• A lack of complementary skills among job applicants has become a bigger issue for cyber sector businesses this year
• More businesses this year find themselves lacking incident management skills
• The perceived effectiveness of cyber security training for those in cyber roles outside the cyber sector has fallen this year
• Among many businesses, workforce diversity is a higher profile issue in general than before, and there has been progress in diversifying the cyber workforce

Methodology and technical note

This was a mixed method research project using both qualitative and quantitative research approaches including:

• Representative surveys with cyber sector businesses and the wider population of UK organisations (947 private sector businesses, 123 public sector organisations, 211 charities and 224 cyber sector firms)
• Qualitative research with 14 cyber sector firms, 9 large private/public sector organisations, 4 cyber specialist and non-specialist recruitment agents
• A secondary analysis of cyber security job postings on the Burning Glass Technologies database, as well as recruitment pool data originating from the Higher Education Statistics Authority (HESA)

Fieldwork took place between August and November 2021. The report was published in May 2022.