The government is right to take action against damaging cyberattacks on public services. This year’s attacks on critical infrastructure like the NHS and TfL highlighted the real-life impact of these threats, with the fallout still lingering months after the fact. In theory, the Government’s Cybersecurity and Resilience Bill is exactly what we need. Unless we build resilience across the public sector, especially services highly susceptible to attacks like healthcare, cyber criminals will continue to sneak their way into critical infrastructure and cause major disruption that impacts the lives of citizens.
But the issue is far more complex, and cannot be solved by regulation alone. The regulatory landscape itself is becoming increasingly complex, with organisations having to comply with a patchwork of new legislations, such as NIS2 and new laws in the UK. These bills are complex and bring another layer of complexity that cybersecurity professionals will need to learn about and enact. With the skills crisis continuing to stretch the capabilities of these professionals who are already under significant pressure, there’s fear that adding yet more to their plate will cause significant strain. If the regulatory landscape continues to broaden without bringing more skills to the industry, people could start applying their trade elsewhere.
There has to be a commonsense balancing act. We can start by looking at alternative avenues to recruit cybersecurity professionals. For example, a professional with a background in finance could bring much needed skills in risk management and compliance to the cybersecurity industry, helping to develop compliance strategies for upcoming regulations. Attracting and recruiting more skilled professionals into the cybersecurity industry is critical for fighting against cybercrime and complying with regulations. If we don’t start to think outside the box and hire based on skills – not cybersecurity industry experience – then we’ll continue to see overworked cybersecurity professionals and cyberattacks causing havoc across the UK’s services.