Vanessa Henneker, chief operating officer at the UK Cyber Security Council, explores why the UK’s cyber‑skills gap persists and how clearer professional standards, accessible career pathways and a coordinated national approach can help build the capable, confident workforce needed
We live in the Cyber Age. So much of our lives – our phones, laptops, tablets, cars, even household appliances – are connected to the internet and constantly sharing data online.
That data is some of the most valuable currency in the world and cyber criminals go to great length to access it; something that affects us all on an individual and a societal level. Any breach, whether it’s in the private or public sector, can have a huge knock-on effect.
Cyber security professionals work to protect our information systems and networks from cyber-attacks. It’s a profession that plays a crucial role in keeping us all safe; the need for a well-trained and capable cyber security workforce has never been more important. However, a lack of understanding and consistency around the cyber security profession can make building a career or finding the right practitioners challenging. This, plus ever-increasing demand, has created a cyber-skills gap.
Research from the Department for Science, Innovation and Technology, estimates that 50 per cent of all businesses in the UK have a basic cyber skills gap, and 33 per cent have a more advanced skills gap – that’s the difference between the skills they need, and the skills they have.
Why is there a skills gap?
Cyber security threats, and the defences against them, are constantly evolving. This leads to a fast-moving sector, regularly adapting to changing needs and requirements, all whilst looking to the future at what might come next.
But, with these constantly changing threats, many organisations still lack clarity about what ‘good’ looks like in a cyber role. What skills, experience and expertise do practitioners need to tackle the threats they face? Without clear answers, employers can struggle to set expectations for recruitment and, as a result, it can be difficult to find the right people.
Similarly, there is also a lack of understanding around accessible entry routes into the profession. To those without prior experience or knowledge, a career in cyber security can seem either vague or overly complex, discouraging people from pursuing it.
Even those starting out on traditionally cyber-adjacent courses such as computer science, can find the range of professional pathways daunting. And for those studying different subjects, or looking to change careers, it’s not often understood that are many other routes into the sector, and a wide variety of transferable skills.
Where do the UK Cyber Security Council come in?
The UK Cyber Security Council was established by Royal Charter in 2022 to connect, champion and charter the UK’s cyber security profession.
Through setting government backed standards for competence and ethics, awarding professional titles, and supporting more people to get into a career in cyber, we’re on a mission to grow and empower the UK’s cyber security workforce.
Professionalising the sector
At the Council, one of our central aims is to create greater transparency and consistency around the skills and experience required for different cyber security roles.
In collaboration with partners across industry and government, we developed the UK Cyber Security Standard for Professional Competence and Commitment. The Standard is a government backed, common framework that sets out the competencies, knowledge, skills, and ethical expectations for cyber security professionals across a range of specialisms and career stages.
We also established and maintain the first live national register of cyber security professionals. As the only body chartered to award professional titles in cyber security, the Council confer four: Associate Cyber Security Professional, Practitioner Cyber Security Professional, Principal Cyber Security Professional and Chartered Cyber Security Professional.
The titles reflect a progression in knowledge, expertise and professional development, from starting a career in cyber security to achieving professional mastery and recognition.
As with professions like engineering, law or accounting, professional cyber security titles set a unified standard of excellence. They can give employers confidence that that a practitioner has the skills, experience and ethical standards to succeed in a specific role.
Currently, individuals can achieve professional registration in eight cyber security specialisms. Each is contextualised to the UK Cyber Security Standard for Professional Competence and Commitment, providing clear evidence that the holder can bring the skills an employer is looking for.
By the end of 2025, the UK’s Cyber Security Professional Register reached 1000 registrants – an important milestone, but only the beginning. We’re excited to continue working with partners across industry as well as national and devolved government to grow and professionalise the UK’s cyber security workforce.
Championing cyber careers
But what about paths into the sector? For those starting their working life, or considering a career change, how can we make cyber security inviting, accessible and easy to navigate? Last year, we launched our Cyber Access Network (CAN), designed to empower and support the next generation of cyber security professionals.
Free to join, and open to anyone over 16 interested in exploring a career in cyber, it offers networking opportunities, interactions with employers, webinars, newsletters and a range of curated career guidance. It’s a platform to showcase both the benefits and the practical steps involved in starting a career in cyber security.
Those exploring the sector can access a wide range of resources, including guidance on entry routes into the sector, interactive tools to help identify career interests, and detailed information on different cyber security specialisms, including examples roles, average salaries and suggested career steps.
Additionally, our new Associate level professional title was created for those at the start of their career as a first step on the professionalisation ladder. It helps individuals transition from entering the sector to progressing through it, aligning themselves with our unified Standard of competence and ethics as they advance.
Connecting the sector
The UK Cyber Security Council was created not only to set standards and award professional titles, but also to connect the cyber security sector. We’re here to amplify the voices of those across the industry who are looking to make the UK the safest place to live and work online.
Closing the cyber skills gap depends on collaboration across the public and private sectors – sharing expertise, promoting best practice and supporting career development. A coordinated, collaborative approach is essential.
As we enter a new year, there is so much exciting work to be done to support this vital profession and to continue building a cyber workforce that is skilled, understood and empowered.
