Date: 2017-02-17

The lack of cyber security skills has been a hot topic in the news this week, but this shortage of trained cyber security professionals has long been clear to those in the industry. As the UK and Europe’s biggest cybersecurity company, we at Sophos welcome any Government commitment and funding to improve the UK’s cybersecurity through education and any increased focus on cybersecurity. Initiatives such as the Academic Centres of Excellence in Cyber Security Research and this week’s announcement by Philip Hammond that the NCSC will collaborate with the private sector are positive steps. However, we need to think even bigger and broader than this – it is critical that we invest now to train generalist IT people to help them improve their cybersecurity awareness and skills, and that Government time and money is spent in areas where they can have the most impact. We would therefore like to see more investment in schemes that provide security training for both consumers and generalist IT people alike, aiming at getting the basics right first before tackling advanced ‘propeller head’ topics. In addition, with the number of cyber-attacks on the rise, it is important that the Government invests more in getting its own house in order.

50% of the UK’s private economy and 60% of UK employees are in small and medium-sized businesses with fewer than 250 employees, meaning very few, if any, of these businesses can afford to have an in-house cybersecurity expert. These businesses may have to rely on one or two people to do everything IT-related, leaving them little time to focus on cybersecurity. In the smallest businesses that person might work for a partner to whom they outsource their IT, or it might be someone internal for whom IT is not even their day job. In many other businesses there might be a team of one, two or three IT people who have to do everything from changing printer cartridges to configuring a firewall or defining a cybersecurity strategy. And of course most consumers or self-employed people have no one to rely on but themselves or the friend, relative or neighbour who vaguely understands computers.

Sophos firmly believes that as a cybersecurity industry we need to focus on building products and services that can be used by generalist IT people with limited time available, by automating and simplifying wherever possible. Way too much of the cybersecurity industry’s focus is on building products aimed at the huge teams of trained cybersecurity specialists in the FTSE 100 or Global Fortune 2000 companies. In actual fact these products are simply too complex for the typical overstretched IT team to make use of.