The UK Government recently published its Assessment of Priority Skills to 2030 report, mapping projected employment needs across 10 critical sectors, including engineering, life sciences, and financial services. While the report rightly highlights the urgency of developing future-ready skills in areas such as AI and digital technologies, the complete absence of cyber security is a glaring omission.
The gap is even more striking given the UK’s recent strategic defence review, which will establish a new Cyber and Electromagnetic Command and raise defence spending to 2.5% of GDP by 2027, explicitly strengthening the UK’s cyber capabilities. Leaving cyber security out of the skills agenda is like building a house on sand – progress risks collapse without a secure foundation.
The expanding attack surface
Cyber security is the thread that runs through every one of these sectors. Without it, innovation risks turning into vulnerability and economic progress can quickly unravel. We know the risks aren’t abstract. Recent high-profile cyber attacks on British institutions like Jaguar Land Rover, Co-op and Transport for London (TfL) have caused prolonged disruption, financial loss and shaken public trust. This highlights how the damage from an attack can spread far beyond the “high-profile target”. These companies might be seen as resilient enough to absorb the damage, but the effects ripple down through entire supply chains, hitting smaller businesses the hardest. For example, many JLR suppliers are now at risk of requiring government bailouts to stay afloat.
As businesses and industries grow more interconnected, each new service, platform, or supply chain link creates fresh opportunities for attackers, making cyber security a shared responsibility. Though still a relatively young profession, cyber security has already become a cornerstone of economic stability and national defence. Embedding cyber skills and education into workforce planning by 2030 is the only way to protect the fabric of our society and daily lives.
Closing the cyber skills gap
Addressing the omission starts with recognising it and then identifying what’s needed to close the gap. From there, both public and private sectors must invest in training, apprenticeships and continuous professional development to ensure the workforce keeps pace with evolving threats. At the same time, widening the talent pool can bring in new perspectives, ease the pressure on existing workforces and reduce the risk of burnout, an issue that continues to drive attrition in the profession.
Recruitment pipelines need to be more inclusive, bringing in diverse perspectives and widening the pool of future professionals. Clearer career pathways are also essential, with visible routes from entry-level to leadership that make the profession transparent, rewarding and attractive.
Of equal importance is a shared understanding of what “cyber security skills” really mean. Technical expertise still has its place, but risk management, policy awareness and communication are becoming even more important. CIISec’s 2025 State of the Security Profession research shows that 48% of cyber security professionals cite analytical and problem-solving, and 27% cite communication, as the most important skills for the future, compared with just 14% highlighting technical skills.
Embedding cyber security into the national skills agenda requires the same focus and persistence as those who exploit the UK’s weaknesses. Professional frameworks developed by CIISec provide the tools to make this happen, setting consistent standards, mapping career progression and supporting continuous upskilling. The Assessment of Priority Skills to 2030 is a welcome attempt to future-proof the workforce, but it will remain incomplete until cyber security is explicitly recognised as a national priority.
