The UK’s fight against cyber-crime is being hampered by a lack of relevant skills, engineers warn today.
Small businesses are coming under increasing attack from hackers, according to new government data, but a survey by the Institution of Engineering and Technology (IET) found only 30 per cent of such companies felt they had sufficient cyber protection.
Recent research by the Department for Business, Innovation and Skills (BIS) found that 87 per cent of small businesses (and 93 per cent of large ones) experienced a breach in their cyber security in the last year, an increase of over 10 per cent.
But the IET survey of 250 small and medium enterprises (SMEs) found only 14 per cent of them said cyber security threats were the highest priority and that they already had sufficient skills and resources in place to manage the threat.
The IET’s cyber security lead, Hugh Boyes, said the problem was both a lack of engineers going into the cyber security sector and a failing of universities to include an awareness of the issue in the computer programming courses
‘It’s a combination of software skills and system engineering skills,’ he told The Engineer. ‘For example, many university engineering courses teach students basic programming skills but don’t focus on the trustworthiness of the software they produce – making it secure and reliable.
‘Because of the interconnection of systems, we need to increasingly think about how a piece of hardware or software works with everything else …
‘A lot of courses focus on the maths of engineering rather than the big picture of building systems and the consequences if it goes wrong.’
The government-run Technology Strategy Board recently extended its voucher scheme offering SMEs the chance to bid for up to £5,000 from a total pot of £500,000 to improve their cyber security with outside expertise.
But the IET survey found that only half of the SMEs contacted were aware of the government’s Cyber Security Strategy.
The IET is also developing its own scheme to sponsor cyber security masters degree courses at selected universities, which aims to give the sponsored students cyber security skills they can apply in their current job, or the opportunity to develop a career in a cyber security role.