Source · Select Committees · Public Accounts Committee
Recommendation 2
2
Accepted
Require Cabinet Office to detail how central interventions will fill cyber vacancies and support departments.
Recommendation
There is a longstanding shortage in government of the experienced, technical cyber skills required. Skilled cyber security professionals are scarce and in high demand nationally and globally. As this Committee has frequently reported over the years, government finds it hard to compete with the private sector for the best talent, in part because it has not been willing to pay market–rate salaries. The Cabinet Office reports that government has successfully expanded its digital, data and technology profession to 23,000 people, which represents 6% of the total civil service, and it wants to further expand this to 10%. However, significant vacancies remain, particularly for expert cyber skills. Right now, one in three cyber 3 security roles in central government are vacant or filled by expensive contractors. In addition, civil service recruitment processes, which can take up to nine months, are not quick enough. The Cabinet Office and DSIT are intervening to address these issues, including by increasing the amount departments can pay cyber professionals. If government paid higher, market–rate salaries, it would save money over the longer term compared to using contractors, especially if it helps to reduce risk. The Cabinet Office noted it could do better at improving diversity in government’s cyber security community. Only 20% of cyber security professionals in government are women. recommendation Following the conclusion of the 2025 Spending Review, the Cabinet Office should set out: how many of the estimated cyber vacancies in government that its central interventions will fill; and how it will support departments’ plans to fill the remaining gaps in their workforces.
Government Response Summary
The government commits to integrating cyber capability teams into DSIT by November 2025, using talent programmes and a new Cyber Resourcing Hub to attract staff. DSIT will also set out "early next year" how many vacancies central initiatives will fill and how it will help departments fill remaining gaps.
Government Response
Accepted
HM Government
Accepted
The government agrees with the Committee’s recommendation. and is taking active steps to implement reforms that address this challenge. As part of the announced Machinery of Government change, Cyber, Digital and Data teams focusing on capability and skills will be fully integrated in DSIT by November 2025. The government is attracting and upskilling new cyber security talent into government, through several comprehensive talent programmes including the Cyber Fast Stream, Cyber apprenticeships and the Government Cyber Skills Academy. Through a new Cyber Resourcing Hub, government is creating a clearer and stronger government employer value proposition to attract candidates within a competitive market and streamlining the recruitment process. As part of work to deliver the Government Cyber Skills Strategy, DSIT will continue to work with departments to understand their cyber skills gap and the local action departments are taking to address this. 2025 workforce data will be utilised to identify cyber vacancies in government and support departments’ plans on how they can fill these vacancies through current programmes and initiatives. Early next year, DSIT will set how many of the anticipated cyber vacancies in government its central initiatives will address and how it will assist departments in their efforts to fill the remaining workforce gaps.