One in three cybersecurity roles in central government are vacant or filled by expensive contractors.
Government is finding it hard to compete with the private sector for the best talent in cybersecurity.
According to the report on cyber resilience by the Public Accounts Committee, only being “willing to pay market-rate salaries” has been blamed, as this “would save money over the longer term compared to using contractors.”
The statement published alongside the report claims that while government has successfully expanded its digital profession to 23,000 people, or six percent of the total civil service, one in three cybersecurity roles in central government are vacant or filled by expensive contractors.
Sir Geoffrey Clifton-Brown MP, Chair of the Committee, said: “If the Government is to meet its own ambition to harden resilience in the wider public sector, a fundamental step change will be required.
“Part of this will be government finally grasping the nettle on offering competitive salaries for digital professionals, and we were encouraged to hear the Cabinet Office thinking in these terms.”
Attractive Remuneration
Clifton-Brown claimed that for too long, Whitehall has been unwilling to offer attractive remuneration for experts who are able to secure high-paid work elsewhere. “Making sure that the right people are in the right jobs to defend the UK against this serious threat, and reducing the use of expensive contractors at the same time, is clearly sound value for money.”
He concluded saying it “must not take a devastating attack on a critical piece of the country’s infrastructure for defensive action to be taken.”
The Public Accounts Committee said that the amount departments can pay cybersecurity professionals is set to increase, and the Committee’s report calls on the Cabinet Office to set out how many of the cyber vacancies in government its interventions will fill.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
