The latest research from McAfee reveals that British school education has played a major role in today’s cyber skills gap – leaving adults without sufficient IT skills and little to no insight into careers in cyber security.
In a survey of 2,000 UK-based respondents, McAfee found a clear link between school IT lessons and interest in cyber security roles. More than one in five (21%) British adults would have considered a career in cyber security if IT lessons had been more interesting at school – either considering it an option or looking into it further. A further 15% of respondents confirmed they would definitely have considered a cyber security career if they had received more interesting IT lessons classes.
The research also revealed that seven in ten British adults (70%) feel that their school education didn’t set them up with sufficient digital skills and knowledge of IT. Perhaps unsurprisingly, this was more prevalent amongst older respondents – 83% of adults over 65 years old compared to 59% of 18-24 year olds.
The majority of respondents (88%) were not aware of the possibility of a career in cybersecurity when they were at school, highlighting the importance of implementing realistic career-led IT education to encourage younger generations to enter this field. The gender gap clearly comes into play even at this stage: 61% of male respondents were aware of the option of a career in cybersecurity compared to just 39% of female respondents. This is particularly sobering off the back of this year’s GCSE results, where girls accounted for just 20% of entries for the new computer science GCSE.
Nick Viney, VP Consumer at McAfee stated: “This insight into the widespread uninspiring view of careers in cyber security makes it clear that fixing the cyber skills gap will require more than an updated curriculum. However, teachers are not to blame. Our sector needs to attract new talent but that won’t happen if the industry cannot convey the wide variety of available job opportunities or the fast-paced and challenging nature of careers.
“The view of cyber security needs to change at a national level. While updates to the curriculum could help plug the skills gap and inspire a new generation of cyber experts, it won’t come into effect straight away. Instead we need to foster new education models and accelerate the availability of training opportunities for all.”
The reality of cyber security
The rapid increase in potential cyber security roles in the UK combined with generous salaries and a shifting threat landscape means there couldn’t be a more exciting time to kick off a career in cyber security. Yet the majority of British adults have a mundane view of the profession. Almost half (47%) think of “managing IT systems to keep data safe” when asked what a career in IT security involves – demonstrating a widespread view of IT as a reactive, slow pace sector.
The reality is very different. McAfee’s recent ‘Disrupting the Disruptors, Art or Science?’ report investigated the role of cyber threat hunting – revealing an increased focus on automated technology and proactive threat hunting. In fact, 68% of organisations say better automation and threat hunting procedures are how they will reach leading capabilities. The rise in human-machine teaming means successful cybersecurity teams are three times as likely to automate threat investigation, allowing up to 50% more time for the team to undertake actual threat hunting.
Despite this seismic shift in the cyber security industry, this most recent data from McAfee shows that fewer than 1 in 10 (9%) think of the more engaging aspect of IT security: “proactively hunting for cyber threats”. This includes following clues and personal hunches based on studies of adversaries’ tactics, techniques, and procedures – and working quickly to keep pace with cyber attacks today.
Raj Samani, chief scientist and fellow at McAfee, commented: “Cyberattacks are the future of crime. As more businesses take this on board and realise that mitigating attacks is not outside of their control, we will see a rise in the importance placed on threat hunting at an enterprise level. Protecting data and correcting systems after an attack is no longer sufficient. Business must be prepared to proactively seek out and detect any threats. It’s a fast paced industry and we sorely need a new generation of threat hunters to come through and ensure the UK retains its place as a key – and secure – market for digital business.
“It’s time to brush away the tired old image of IT professionals forced to spend their time just changing passwords and managing systems. Cybercriminals are coming up with varied, sophisticated attacks to weaponise data and systems – and it takes inspired, innovative cybersecurity professionals to proactively find emerging threats and beat criminals at their own game. The education system plays a key role in inspiring the threat hunters of tomorrow but the industry also needs to get involved to ensure young people are aware of the amazing career opportunities available in our sector today.”