DSIT cyber security newsletter - August 2023
Published 3 August 2023
© Crown copyright 2023
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/dsit-cyber-security-newsletter-august-2023/dsit-cyber-security-newsletter-august-2023
1. Director’s message
First, a quick introduction. Erika Lewis, director of the DSIT cyber directorate, is away for a few months to work on another government priority. I have been appointed into her role until she returns. I have worked on most areas of our cyber portfolio in recent years but I am looking forward to learning more and meeting more of our stakeholders and delivery partners.
Cyber security may be powered by technology, but at its core are the thousands of people delivering the products and services to keep our people and economy safe. That’s why every year DSIT conducts the Cyber security skills in the UK labour market survey to monitor and analyse whether we have the right people with the right skills to achieve this ambition.
We have recently published the latest edition. It reveals there is still huge demand both within the sector and across the wider economy, with more than 160,000 job postings across the past twelve months looking for cyber security skills. This is an increase of 30% over the past year. To meet his demand it is pleasing to see the number of students enrolled in cyber security courses has increased by 29% (from 14,910 to 19,200) and the number of students graduating in a cyber security course has also increased by 19% (from 3,670 to 4,360).
But challenges still remain. Half of UK companies reported a cyber security skills gap and just 17% of the workforce is women. While this is in line with previous years it demonstrates there is still work to encourage more women to enter and progress through the profession. One such programme is Empowering Women to Lead in Cyber Security that is supported by Government Security and techUK. Applications are now open cohorts across the country and you can find more details in this newsletter.
Another key part of our research programme is the Cyber Sectoral Analysis, which provides an overview of the cyber security sector itself. As part of this year’s study Ipsos and Perspective Economics are asking cyber companies to take part in a short online survey. Please do participate as a strong and accurate evidence base really helps us shape effective policy.
Finally there is still time to apply to be a part of the Grow and Scale cohorts of Cyber Runway, the DSIT-funded accelerator for UK cyber companies. If you need support to grow and develop your company, please apply.
Andrew Elliot
Director , Cyber Security and Digital Identity
2. New report details UK cyber security skills needs
DSIT has published the annual Cyber security skills in the UK labour market research report. This is the fifth iteration of this research which details career pathways and specialisms of cyber sector employees, diversity, skills gaps and shortages, analysis of job vacancies, and supply of cyber security skills.
Key findings in the 2023 report include:
- 50% of all UK businesses have a basic cyber security skills gap, while 33% have an advanced cyber security skills gap.
- There were 160,035 cyber security job postings in the last year. This is an increase of 30% on the previous year. 37% of vacancies were reported as hard-to-fill.
- Only 17% of the cyber sector workforce is female and 14% of senior roles are filled by women.
- There is an estimated shortfall of 11,200 people to meet the demand of the cyber workforce.
3. Grow your business with Cyber Runway
Applications are now open for the Grow and Scale cohorts of Cyber Runway, the UK’s largest accelerator for cyber companies. Funded by DSIT and delivered by Plexal, Cyber Runway provides businesses with the skills, connections and mentors they need to grow and expand.
The programme is delivered virtually so you can take part wherever you are based, and there are also in-person events across the country to bring the community together.
Applications close on 14 August. Learn more about all the benefits on Plexal’s website and get in touch with the team on cyberrunway@plexal.com if you have any questions.
4. Cyber Security Leaders programme for women open for applications
Empowering Women to Lead Cyber Security is a unique, cross-sector, leadership programme for women in information security, delivered by Empowering You in association with techUK and the Government Security Group in the Cabinet Office.
Its aim is to build a collaborative and powerful community of female leaders in the sector. Delivered over three months from September to November and free for participants, the programme enables the transition of aspirational and early to mid-career professionals, team leaders and managers into more confident, capable and energised leaders.
Applications for the programme are now open with regional cohorts taking place in London, Southern England, the Midlands, Northern England and Scotland.
5. Cyber sectoral analysis 2024: have your say
In partnership with Ipsos Mori and Perspective Economics, DSIT is once again undertaking its annual Cyber Security Sectoral Analysis. The analysis provides an overview of the UK cyber sector, including its size, revenue and geographic distribution. The research helps DSIT develop policy and is also of use for the wider cyber sector.
To help deliver next year’s analysis DSIT are asking organisations to take part in an anonymous survey. Participation will help strengthen the findings of the Analysis and provide a more accurate representation of the UK cyber sector. The deadline for submissions is Friday 4 August.
6. New Secure Connected Places research published
Following the launch of the Secure Connected Places Playbook in May, DSIT has published the outputs of two further research projects. The first is an international evidence building research project, providing an overview of how other countries are approaching the challenge of securing their connected places (also known as ‘smart cities’).
The second is a literature review, exploring how public perceptions of connected places may affect their security and sustainability. Both reports will support DSIT’s ongoing and future policy work. DSIT welcomes both reports being shared across your networks. If you would like to discuss either of these publications in further detail, please email secureconnectedplaces@dcms.gov.uk.
7. Cyber Essentials Scheme evaluated in new research publication
DSIT has published a process evaluation of Cyber Essentials, a government cyber security certification scheme designed to help all organisations improve their cyber resilience through five technical controls. Conducted by Pye Tait Consulting, the report explores how the scheme is being implemented, describes the activities used to administer it and investigates the processes through which its outcomes are achieved.
The research shows Cyber Essentials is helping organisations to adopt best practice cyber hygiene behaviours:
- 71% of survey respondents report improved cyber security understanding following certification.
- Since obtaining certification, 31% of respondents have started using Cyber Essentials to assess the cyber security of their supply chain.
- 42% have applied technical controls beyond what is required for Cyber Essentials following the certification process, showing that the scheme is a catalyst for taking further action.
You can read the full report here.
8. Active Cyber Defence - sixth annual report published by NCSC
The National Cyber Security Centre has published its sixth annual report into its Active Cyber Defense programme.
The programme is one of NCSC’s most successful projects to counter online threats, reducing high volume attacks (such as malware) from reaching UK citizens while removing the burden of action from the user. Its core services include Takedown, Protective DNS, Early Warning and Exercise in a Box
Key achievements in 2022 were:
- Over 5 million requests blocked for domains associated with ransomware, this marks a significant contribution to protecting UK organisations from this threat.
- Over 7.1 million reports on the Suspicious Email Reporting Service received from members of the public an average of over 19,500 a day. This is an increase of over 33% on the number of reports received in 2021.
- By the end of 2022, just over 18,500 users worldwide were using Exercise in a Box, an increase around 40% on 2021.
9. Research Ventures Catalyst: open for applications
DSIT is inviting bids for up to £100,000 of ‘seed corn’ funding to help applicants develop technical plans for new research projects as part of its Research Catalyst Ventures programme. We are seeking lead applicants with a clear vision to grow a new venture from the ground up and deliver high impact research in a new way.
You will need to have an entrepreneurial spirit, proven leadership skills and an aptitude for forging relationships and thinking creatively about organisational design. You must have demonstrable expertise in your research area, and the ability to build consensus and interest in your proposal, bringing together experts and financial backers to invest time and money in your idea. Applicants who receive funding are then invited to submit full plans for their new venture for the chance of receiving up to £25 million of funding.
10. Cyber Fairy Tales project inspires girls into cyber security
An evaluation has set out the success of a new programme to inspire young people into cyber security careers. DSIT has been supporting STEMFirst’s Cyber Fairy Tales Escape Box project to inspire young people, particularly girls, in the North West to pursue an interest in cyber.
The project utilised an escape-room centred around cyber-crime prevention, using the tale of Hansel and Gretel to engage primary school-aged students in solving challenges related to hacking, spam, personal information, authentication, and encryption. The two-hour challenge aimed to develop students’ employability skills, raise awareness of cyber careers, and demonstrate the importance of cyber-crime prevention.
The pilot sessions were well-received, with all students enjoying the experience and two thirds (66%) saying they would like to work in the cyber sector. Teachers have praised the programme’s impact, with Cyber STEM Ambassadors finding it inspiring to engage with young people about essential opportunities in the cyber field.
11. Charity sector phishing scam warning
The NCSC has seen a rise in phishing attempts within the UK charity sector. The publications below provide detailed information and guidance relating to this rise, it is recommended that where possible, to share this with organisations you are working with. NCSC would like to remind charities to follow NCSC guidance to help improve their resilience against phishing attacks.
- Learn more about defending against phishing attacks at Phishing attacks: defending your organisation - NCSC.GOV.UK and Step 5 - Avoiding phishing attacks - NCSC.GOV.UK
- Read the Small Charity Guide at Small Charity Guide (Infographic Summary) - NCSC.GOV.UK
- Make use of the NCSC Training for Staff at NCSC’s cyber security training for staff now available - NCSC.GOV.UK