

Ethical Hacking News

UK's Cybersecurity Shortfall: A Call for Higher Salaries to Attract Top Talent



  • The UK's information security sector is struggling to attract top cybersecurity talent due to inadequate recruitment policies and low salaries.
  • The government needs to offer salaries higher than the Prime Minister's to attract senior officials, according to COO Cat Little.
  • A National Audit Office report highlighted the government's lack of progress in becoming "substantially" cyber resilient by 2025 due to recruitment issues.
  • Proposals to deploy top cybersecurity officials strategically across government are being considered to address the issue.
  • The complex supply chain arrangements and multiple layers of accountability within arm's-length bodies make it challenging to gain a comprehensive understanding of systems.
  • A more effective system for requisitioning data is needed, with some organizations not being prioritized due to size and complexity.
  • Legacy tech across government remains a concern, particularly in national security entities such as the National Crime Agency and Crown Prosecution Service.
  • The focus should be on cost savings from employing top-quality defense talent rather than individual salaries.



    The United Kingdom's information security sector is facing a significant challenge as senior officials acknowledge that top cybersecurity talent cannot be attracted without offering salaries higher than those of the Prime Minister. This revelation comes as part of a broader effort by the government to address its cyber resilience goals, which were set in 2022 but have yet to be met due to various factors, including inadequate recruitment policies.

    According to Cat Little, the COO of the UK's civil service, the government is aware that its remuneration offers are too low to attract top cybersecurity talent. This sentiment was echoed by a National Audit Office (NAO) report earlier this year, which highlighted the government's lack of progress towards meeting its goal to become "substantially" cyber resilient to common cyber attacks by 2025.

    The NAO report attributed the stagnation in the government's cyber resilience efforts to its recruitment policies, which have resulted in lower salaries compared to the private sector. This has led to a shortage of skilled cybersecurity professionals willing to join the civil service. Little emphasized that top information security officials will be required to defend Britain from cyber threats if the government wants to get serious about addressing these risks.

    The proposal to pay top cybersecurity officials more than the Prime Minister is not unprecedented. In 2024, it was revealed that former chief of staff Sue Gray was being paid £170,000 a year – which was £3,000 more than UK Prime Minister Keir Starmer at the time. However, this incident led to Gray's resignation shortly after amid speculation she would be sacked.

    Little alluded to the possibility of hiring senior cybersecurity officials and deploying them strategically across government for maximum impact. This approach could involve hiring a few permanent CIOs (Chief Information Officers) and CISOs (Chief Information Security Officers) in key government departments. Such an approach would allow the government to establish a strong foundation for its cyber resilience efforts.

    The challenge of attracting top cybersecurity talent is further complicated by the complex supply chain arrangements and the numerous layers of accountability within arm's-length bodies. According to Little, the GSG (Government Secure Group), which works with organizations to improve their security posture, has already collaborated with several entities but faces difficulties in gaining a comprehensive understanding of systems across all arm's-length bodies.

    In addition to the issue of attracting top cybersecurity talent, there is also a pressing need for a more effective system for requisitioning data. Davinson, from the GSG, explained that while the organization has worked with various organizations, not all ALBs (Arm’s-Length Bodies) have been prioritized due to their size and complexity. She emphasized the challenges in understanding systems within these entities.

    The problem of legacy tech across government has also come under scrutiny. Labour MP Luke Charters expressed disappointment that the government does not seem to have a grip on where legacy systems are located across arm's-length bodies, particularly those crucial to national security. These include organizations such as the National Crime Agency, Crown Prosecution Service, and Nuclear Decommissioning Authority.

    Charters highlighted that these entities, although significant, were used only as examples of important ALBs rather than because they are notorious for their legacy tech issues. The introduction of a digital-specific pay framework in recent years has been aimed at addressing the issue of highly skilled cyber experts not being paid the same as other civil servants.

    Finally, PAC member Rachel Gilmour emphasized that the focus should not be on how much an individual is paid but rather on the potential cost savings from employing top-quality defense talent. The example she provided was that of the British Library's ransomware attack in 2023, where recovery costs were reportedly significant, and suggested that investing more in cybersecurity would lead to lower costs for central government.

    In conclusion, the UK's information security sector is facing a critical challenge due to its inability to attract top cybersecurity talent. The proposal to pay these officials more than the Prime Minister reflects the urgency of this issue. The government must take bold action to address its cyber resilience goals and invest in high-quality defense talent if it wants to effectively defend against emerging threats.

    Related Information:
  • https://www.ethicalhackingnews.com/articles/UKs-Cybersecurity-Shortfall-A-Call-for-Higher-Salaries-to-Attract-Top-Talent-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/03/12/uk_gov_must_pay_cyber/

  • https://www.theregister.com/2025/03/12/uk_gov_must_pay_cyber/

  • https://www.msn.com/en-us/politics/government/uk-must-pay-cyber-pros-more-than-its-prime-minister-top-civil-servant-says/ar-AA1AKSEK


  • Published: Wed Mar 12 16:15:14 2025 by llama3.2 3B Q4_K_M












