The UK’s digital economy is growing rapidly, but cybersecurity remains one of the greatest skills challenges of our time; the UK’s cybersecurity workforce remains critically underdeveloped, fragmented, and misaligned with the scale of the digital threats it faces. That’s according to a paper by Dr Ismini Vasileiou. She’s Co-Chair of UKC3, Director of East Midlands Cyber Security Cluster (EMCSC), and Associate Professor at De Montfort University (DMU) in Leicester.
She argued for a UK-wide skills taxonomy co-developed by government, industry, and education, and called for a DSIT-led taskforce to assess systemic fragmentation and co-create a national ‘UK Cyber Skills Taxonomy’, defining roles, career progression, and skill levels. Input ought to come from relevant government departments, industry, academia, and parliamentary select committees. A national delivery body should own and govern the taxonomy, she added.
She wrote: “Such a taxonomy would allow consistent role definitions, skill standards, and career progression across sectors. Without it, continued misalignment will only deepen. Discussion at the Parliamentary Roundtable made it clear: the UK should move beyond fragmented efforts and take coordinated, decisive action to secure its cyber future. There is strong consensus among industry, academia, professional bodies, and government that without clear, standardised definitions of roles, competencies, and pathways, we risk continued misalignment between education and employment, and a continued shortfall of skilled professionals.”
She pointed to recent arrests after cyber-attacks on M&S and Co-op that show the real and growing threat faced by UK citizens and businesses. She added: “What doesn’t make the headlines is the UK’s chronic shortage of cyber professionals. There’s currently a mismatch between Government industrial ambition and educational reality. We won’t secure a 21st century digital economy with a 20th century skills pipeline.
“This is emerging as a critical situation for SMEs, which are the backbone of the UK economy, but which are increasingly exposed as they race to meet modern digital expectations and standards.”
DSIT small-scale interventions show political intent, but further systemic depth and national scaling are needed to fully address persistent structural challenges in the cyber workforce, she argued. Employers should be supported to adopt clearer, skills-based job descriptions aligned with the taxonomy; towards shifting recruitment away from outdated proxies (such as, certifications alone). Education and career pathways ought to be aligned to real-world cyber roles, she suggested, complaining that entry-level ways into the field are ‘limited and confusing’. The sector continues to rely heavily on traditional academic pathways, excluding career changers, and the self-taught, while women, ethnic minorities, and the neurodiverse remain underrepresented.
Fragmented
The UK Cyber Security Council, CIISec (Chartered Institute of Information Security), BCS (formerly known as the British Computer Society), and others have worked to define roles; yet have created ‘a fragmented ecosystem’, she wrote.
Dan Aldridge, Labour MP for Weston super Mare, chair of the All-Parliamentary Group for Cyber Innovation, said in a foreword to the document: “Building a resilient and digitally capable workforce is fundamental to our country’s economy, and future workforce. As members of Parliament, ensuring everyone has the opportunity to develop cyber skills matters to keep our constituents and local businesses safe. Without such a foundation, we risk perpetuating the very gaps we are striving to close, and undermining the government’s mission of sustainable digital transformation.
“This White Paper highlights widespread consensus on the need for a shared language and structure for cyber skills, and we urge our colleagues across Parliament to treat this white paper not as another strategy, but as a call to action, to help build a cyber workforce that is as dynamic and diverse as the challenges we face.”
More at the DMU website.
Funding
The East Midlands Cyber Security Cluster has £150,000 through the Government’s Cyber Local scheme, for a project to make cyber resilience not just the responsibility of IT departments, but a core part of how organisations think, operate and grow. It was one of 20 projects funded across England, selected from more than 110 applications. More at the DMU website.
