Why the UK is tops in cybersecurity

City talk | Dr. Jolly Wong 26 Jul 2021

Last week I wrote that cybersecurity workers are in high demand and short supply and that this is one of the most critical issues facing the security industry right now.

Cybersecurity does not merely impact businesses; it also affects politics and national security. This is evidenced in discussions between US President Joe Biden and his Russian counterpart Vladimir Putin last month.

This week I want to look at the situation in Hong Kong and advance a partnership among companies, universities and government as a solution to the shortage here.

The administration has taken steps to nurture and support cybersecurity talent through organizing conferences and promoting certifications.

It launched the Quality Migrant Admission Scheme in June 2006 and the Technology Talent Admission Scheme in June 2018. By 2020, 1,625 people were approved to work under QMAS. No data is available for TechTAS yet.

But this is not enough. We need to specifically recruit talents who have different skills than other IT workers.

In 2018, there were a mere 1,118 cybersecurity specialists here - 1.2 percent of all IT employees in Hong Kong. The majority (84 percent) of these specialists were employed by either IT products and services suppliers or financial and business-related firms, eager to protect their systems.

We can learn from countries that have done well. In 2018, the United Kingdom was ranked first in the Global Cybersecurity Index, which measures a country's level of engagement in cybersecurity.

The UK is doing particularly well in building its capacity for cybersecurity workers, which is a measure of the country's academic curricular and accreditation relevant to cybersecurity.

The UK employed 43,000 full-time equivalents in a cybersecurity-related role in 2019.

More importantly, it has some of the best cybersecurity professionals in the world. In 2020, 7,590 people in the UK were Certified Information Systems Security Professionals, the second most after the United States. CISSP is one of the most prominent IT security professional certifications that identifies individuals with high standards of competence.

So how has the UK achieved this?

First, it has many initiatives designed to encourage the professional development of those who are aspiring to work in cybersecurity.

It also tries to help those already in the industry to have their skills and expertise recognized more easily and in a clear and consistent way.

In the UK, CyberFirst is a program of opportunities, covering a broad range of activities to help those aged 11 to 17 years explore their passion for tech by introducing them to the fast-paced world of cybersecurity.

For example, more than 12,000 took part in the 2019 CyberFirst Girls' Competition and another 55,000 in Cyber Discovery and CyberFirst learning programs by June 2020.

Then there are financial incentives. More than 900 students are either on or recently graduated from a CyberFirst Bursary scheme.

These are initiatives that Hong Kong can easily replicate and exceed.

The UK has also established the Cybersecurity Council, an independent body, to champion the profession, promote excellence and grow the skill base.

This is a wide ranging group. It contains members from the Cyber Security Alliance, a loose collection of professional bodies, and has received input from the Institution of Engineering and Technology.

It works closely with the National Cyber Security Centre, the UK's national technical authority to define and develop the skills the country needs.

Hong Kong can learn from the UK and build an alliance of our own.

Dr Jolly Wong is a policy fellow at the Centre for Science and Policy, University of Cambridge

Search Archive

Advanced Search
September 2021

Today's Standard