Cybersecurity - How does the UK stack up against USA?

The United States is home to many things. The World’s biggest ball of twine, The Heart Attack Bar & Grill and the largest hub of Cybersecurity Professionals in the world.

True to form, America is the land of opportunity for a cybersecurity professional looking to make a very healthy amount of money. A Cybersecurity Analyst in the U.S can expect to earn $55K to $143K. This fluctuates state to state, with the best-paid professionals plying their trade in the Californian region Silicon Valley. Following the Valley, Washington, Maryland & New York City are the top places to work according to LinkedIn’s salary comparison.

The US has made such a commitment to developing Cybersecurity talent that even the Girl Scouts, famous for their irresistible cookies, have started awarding badges for cybersecurity practices. A great initiative to actively increase the number of females within the Cyber Security market. According to an article published in July 2019 from Cyber Security Ventures, just 1 in 5 security professionals are female.

Barriers to Entry

Generally put in place as quality assurance, barriers to entry exist within cybersecurity for the market to make sure that all entrants can perform within the role that they will play. This is the same for companies entering a market as it is for candidates joining businesses within the industry. The thing with Cyber Security is that it transcends industries. The Google Display Network is home to 2,000,000+ connected sites, that’s over 2,000,000 opportunities for hackers to exploit businesses for their information. It is for this reason that there are no generic barriers to entry for a Cyber Security professional to meet, it can vary from business to business. Of course, there are the widely recognised accreditations & qualifications that you can achieve to demonstrate your knowledge and skills, qualifications such as the Security+ or a course with Firebrand or RobustIT.

According to GlassDoor, Cybersecurity interviews in the UK seem to follow a similar path. The general trend seems to be to ask competency-based questions rather than asking about education. Hargreaves Lansdown, an investment service, asked interviewees how they would attack the company. MUFG asked candidates for the blogs they followed, and software’s they were familiar with. BT asked what their candidates knew about the Cyber kill-chain.

Across the board, it seems that businesses are much more interested in a person’s ability to complete the tasks within the job than their qualifications.

Where is the skills gap in Cybersecurity?

Unemployment in Cyber Security stands at 0%

Cybersecurity is published as a top priority for the UK Government. The National Cyber Security Strategy (NCSS) published in 2016 plotted the course for Cybersecurity in the UK for the following 6 years up to 2022. The Strategy outlines a desire to bridge the skills gap that the UK currently finds itself in.

In 2018, a study found that 54% of businesses in the UK have a basic technical cyber security skills gap. Given the scale of this gap, the Government has developed initiatives designed to correct this gap by creating a higher skilled workforce. This will be achieved through upskilling workers operating within the market already and making education & training more accessible to people that have an interest in the Cyber Security space.

What is the cost of forgoing cybersecurity within the business?

In the past two years, Insurance provider, Hiscox have launched Marketing campaigns with the objective of raising awareness of cybersecurity threats. The higher profile campaigns have included impersonating a Bike shop across the road from them to replicate the process of Cyber-crime.

In recent months both Marriott & British Airways have been hit with major fines for their poor data management. Cybersecurity will only grow in importance as hackers develop more sophisticated methods of cracking firewalls & networks. In 2017 an unnamed Casino in the US was hacked through their Aquarium via the IoT network they had running the building. Cybersecurity firm Dark Trace produced a report about the attack in which they didn’t name the casino or amount lost during the attack. This attack should stand as a warning that literally any business that operates on a network is vulnerable to attack.

In the past there has been a fallacy that it is only large corporations that get attacked, this is both naïve and dangerous. Much like a thief shall target the houses with the least home-security, a hacker will target the networks they view as having the least resistance. It is only the high-profile cases that make the news.

What are UK Businesses doing to improve this?

So, it is clear that the UK has fallen far behind the curve in terms of Cybersecurity. The US leads the way with no country able to compete with them on salaries. However, with shifting opinion towards Cybersecurity it is possible to suggest that the gap could be closed in the coming years. In the Governments’ – Initial National Cyber Security Skills Strategy – They lay down their ambition of the UK becoming the Worlds largest digital economy. Setting this as the overarching goal for the coming years, they also detail initiatives that they are putting in place to aid progression towards these objectives. The newly formed Independent UK Cybersecurity Council have been tasked with building a structure that will ensure the development of Cybersecurity talent in the years to come.