The UK government has identified the nation’s cybersecurity sector as a key economic growth driver citing “exceptional performance” over the last year, but experts say the sector has more to offer if certain obstacles can be overcome.
A new report released by the Department for Science, Information, and Technology (DSIT) revealed the UK’s cybersecurity sector generated £13.2 billion over the last year, including £7.8 billion in gross value added (GVA).
The sector currently employs an estimated 67,300 people, and Feryal Clark, MP and parliamentary undersecretary of state at DSIT, revealed it created 6,600 new jobs in the past year alone, stating it is a “key part of our vision for kickstarting economic growth”.
The current government, and its predecessor, set out bold ambitions for the UK to become a tech hub and global leader in the AI space, and the DSIT report claimed cybersecurity will be fundamental in realizing these ambitions.
“Cybersecurity is critical to our economic resilience and underpins the deployment of all emerging technology, but also routine transactions, from banking to social media, that we all rely on,” Clark’s foreword to the report stated.
Speaking to ITPro, experts agree that the cybersecurity sector has a lot to offer the national economy, but said there are key barriers to exploiting the remaining value the industry has to offer.
What’s holding the UK cybersecurity sector back?
Andy Kays, CEO at Socura, suggested the £13 billion figure is slightly underestimating the true value the sector adds to the UK economy, arguing that if the UK can address a handful of significant challenges it could unlock “incalculable” growth potential.
“£13bn is a lot of money but the real value added to the UK economy by the cybersecurity market is incalculable,” he claimed.
“While it’s great to see growth, there is so much more potential, particularly if we can address long-standing issues such as lack of technical skills, regional disparities, lack of investment in research and startups, and apathy amongst SMEs.”
DSIT research into cybersecurity skills in the UK labor market in 2024 warned that skills gaps have not shifted much in the last six years, estimating that 637,000 (44%) businesses in the UK have basic skills gaps.
The report noted this means employees responsible for security in these businesses lack the confidence to carry out the basic tasks laid out in the government-backed Cyber Essentials scheme.
Furthermore, DSIT projected that 390,000 (27%) have advanced skills gaps, which refers to skills that are not outsourced but considered important or required for businesses with more complex security needs.
Speaking to ITPro, Jason Howells, VP of Channels EMEA at Barracuda Networks, said another major issue affecting the industry is the disparity between SMBs and larger enterprises. A common misconception among many smaller businesses is that they don’t need to invest in cyber as heavily, which is placing many – and the broader business landscape – at risk.
“There is still the perception that the smaller guys don’t need to worry about it because they’re not going to get attacked, they’re not the target audience, and it’s exactly the opposite,” he said. “They’re exactly the target audience for that very reason that they haven’t made the right investments.”
Howells cautioned, however, that ongoing global talent shortages only exacerbate this problem as those SMBs that do take their security seriously aren’t able to attract or retain people with the required skills.
“Even if they had the biggest budgets in the world, even if they had all the inclination in the world to go and try and build out this stuff for themselves, they’d never be able to do it, because you can’t find the people or afford the people to be able to do it,” he explained.
“Even if you can find them, because there is such a skill shortage in the world, to retain them is a full-time job.”
