The key UK cyber security skills gap statistics in one place — how big the workforce is, how large the annual shortfall, what cyber jobs pay, who is entering the talent pipeline, how diverse the profession is and how few businesses actually train their staff, with the data period stated next to every figure.
The UK has an unusually rich official evidence base on cyber skills, but it is scattered across half a dozen releases. The Department for Science, Innovation and Technology (DSIT) publishes an annual Cyber security skills in the UK labour market report — the core series — plus a spring Cyber Security Sectoral Analysis, and the government's Cyber Security Breaches Survey measures how many organisations train their staff and put cyber on the board agenda. Industry fills in the rest: the ISC2 Cybersecurity Workforce Study has a dedicated UK cut, CIISec surveys the profession itself, and the National Audit Office (NAO) and National Cyber Security Centre (NCSC) cover government's own workforce and the education pipeline.
This page stitches those series together into one referenced set of workforce, shortage and training numbers. It is scoped to skills and workforce data only — every figure carries its data period, and every source is linked in full at the end.
Key facts and figures
- ~143,000 people made up the UK cyber security workforce in 2024.
- 3,800 — the estimated annual workforce shortfall in 2024, down sharply from 11,100 in 2023.
- 49% of UK businesses have a basic cyber security skills gap; 30% have an advanced skills gap (fieldwork Jul–Oct 2024).
- £55,000 — the median advertised salary for a core cyber role in 2024, 12% above the wider IT median.
- 17% of the UK cyber workforce is female, against 48% of the whole UK workforce.
- 19% of UK businesses ran any cyber security training or awareness activity in the year before the 2025/26 survey.
- 69,589 full-time equivalents were employed in the UK cyber security sector in the 2026 analysis — up 3%, the slowest growth since 2018.
- 1 in 3 central-government cyber security roles was vacant or filled by temporary staff in 2023-24.
The headline measures at a glance:
| Measure | Latest figure | Data period | Trend / detail |
|---|---|---|---|
| UK cyber security workforce | ~143,000 people | 2024 estimate (report published Feb 2026) | Growth accelerated from 2% (2022) to 5% (2024) |
| Annual workforce shortfall | 3,800 people | 2024 | Down from 11,100 in 2023 |
| Businesses with a basic skills gap | 49% | Fieldwork Jul–Oct 2024 | 30% have an advanced skills gap |
| Median core cyber salary (advertised) | £55,000 | 2024 job postings | 12% above the wider IT median of £48,900 |
| Core cyber job postings | 2,698 per month | 2024 average | Down 33% on 2023 |
| Cyber sector employment | 69,589 FTEs | 2026 analysis (published May 2026) | Up 3% (~2,300 jobs) — slowest growth since 2018 |
| Businesses running cyber training | 19% | 2025/26 survey (published Apr 2026) | 84% of large firms vs 14% of micro firms |
These are the latest figures available as of July 2026, and the page is updated as new data lands — the main refresh is DSIT's annual Cyber security skills in the UK labour market report (latest edition published 2 February 2026), with the Sectoral Analysis each May, the Cyber Security Breaches Survey each spring and the ISC2 workforce study each autumn or winter.
How many people work in cyber security in the UK?
The UK cyber security workforce was estimated at approximately 143,000 people in 2024, according to DSIT's Cyber security skills in the UK labour market 2025 report, published in February 2026. Growth has been accelerating: the workforce grew by around 2% in 2022 but 5% in 2024, an expansion the report attributes largely to a rising supply of graduates.
The commercial cyber security sector — firms whose business is providing cyber products and services — is a subset of that workforce. The sector employed 69,589 full-time equivalents across 2,603 firms in the 2026 Sectoral Analysis (published May 2026) — up 3%, or roughly 2,300 jobs, on the previous year. That is the slowest employment growth since the series began in 2018, even though the number of registered cyber firms jumped 20% year on year. For context, the same analysis put sector revenue at £14.7 billion and its contribution to the economy at £9.1 billion in gross value added.
The two numbers measure different things, and both get cited as "the UK cyber workforce". The 143,000 estimate covers everyone working in a cyber role across the whole economy — including in-house security staff at banks, retailers and public bodies — while the 69,589 figure counts only people employed by dedicated cyber security companies. Quote whichever matches your claim, and label it.
How big is the UK cyber security skills shortage?
The annual shortfall in the UK cyber workforce was estimated at 3,800 people in 2024 — down sharply from 11,100 in 2023 (DSIT labour market 2025). The gap between the people the market needs and the people entering it narrowed for two connected reasons: recruitment demand cooled while the supply of new entrants, particularly graduates, kept rising.
A smaller shortfall does not mean the skills problem is solved, because the gap inside organisations remains wide. 49% of UK businesses have a basic cyber security skills gap — meaning the people responsible for cyber security lack the confidence to carry out fundamental tasks such as configuring a firewall or removing malware — and 30% have a gap in more advanced skills (fieldwork July–October 2024, DSIT labour market 2025).
The practitioner view is bleaker still. In the ISC2 Cybersecurity Workforce Study 2025, which drew on more than 950 UK respondents, 95% of UK organisations reported at least one cyber security skills gap, and 58% described their shortages as critical or significant; 87% said they had suffered at least one negative consequence as a result of missing skills (2025 study; UK analysis published May 2026). CIISec's 2025 member survey points the same way: 75% of security professionals named people — not process (15%) or technology (10%) — as the industry's biggest challenge, and 84% said security budgets are falling behind the threat, with only 5% saying budgets are in line or ahead (reported September 2025).
Are UK cyber security jobs growing — and what do they pay?
The median advertised salary for a core cyber security job was £55,000 in 2024 — 12% above the wider IT labour market's median of £48,900, based on the job-postings data analysed in DSIT's labour market 2025 report (postings January–December 2024). The premium reflects persistent competition for experienced staff even in a cooler market.
Demand, measured by advertising volume, fell noticeably. There was an average of 2,698 core cyber security job postings per month in 2024, down 33% on 2023 (DSIT labour market 2025). Set that against a workforce that still grew 5% in 2024 and sector employment that rose 3% into 2026, and the answer to "growing or shrinking?" is: growing, but more slowly, with employers advertising less and filling more roles from the swelling graduate pool. The 33% drop in postings is also a large part of why the measured annual shortfall collapsed from 11,100 to 3,800.
Where is new cyber talent coming from?
Around 11,700 people entered the UK cyber workforce in 2024, according to DSIT's labour market 2025 report — including roughly 6,000 new graduates, 600 apprenticeship starts and 2,500 people arriving through retraining or upskilling from other careers. Graduates are the engine of the current growth, which is why the report credits them with the acceleration from 2% to 5% annual workforce growth.
The pre-university pipeline runs through the NCSC's CyberFirst programme. CyberFirst has reached more than 350,000 students across the UK in its first ten years, and 14,500 girls entered the 2025 CyberFirst Girls Competition (NCSC Annual Review 2025, published October 2025). In June 2025 the government announced £187 million for TechFirst, the successor programme intended to broaden that schools pipeline into wider digital and AI skills.
Apprenticeships remain the pipeline's weak point: 600 starts a year is a rounding error next to 6,000 graduates, and a fraction of the 2,500 who arrive by retraining.
How diverse is the UK cyber workforce?
Only 17% of the UK cyber security workforce is female — against 30% of the wider digital workforce and 48% of the whole UK workforce (DSIT labour market 2025). The pipeline data above suggests the imbalance starts well before recruitment, which is precisely what programmes like the CyberFirst Girls Competition exist to change.
19% of the cyber workforce come from ethnic minority backgrounds, but they hold only 8% of senior roles — representation thins sharply with seniority. One measure moving quickly is neurodiversity: the share of cyber staff reported as neurodivergent rose from 9% in the 2020 report to 16% in the 2025 report.
| Group | Share of UK cyber workforce | Comparator / trend |
|---|---|---|
| Women | 17% | 30% of the digital workforce; 48% of the whole UK workforce |
| Ethnic minority backgrounds | 19% | Only 8% of senior cyber roles |
| Neurodivergent staff (reported) | 16% | Up from 9% in the 2020 report |
| Female entrants, CyberFirst Girls Competition | 14,500 entrants in 2025 | Part of 350,000+ students reached in ten years |
All figures from DSIT's Cyber security skills in the UK labour market 2025 (published February 2026) except the CyberFirst row, which is from the NCSC Annual Review 2025.
How many UK businesses actually train their staff?
Only 19% of UK businesses ran any cyber security training or awareness-raising activity in the 12 months before the 2025/26 Cyber Security Breaches Survey (published April 2026, fieldwork August–December 2025). The gap by size is enormous: 84% of large businesses trained staff, against just 14% of micro businesses. Among charities, training activity fell to 17% from 21% the year before.
Accountability at the top is improving, slowly: 31% of businesses now have a board member with responsibility for cyber security, up from 27% in 2024/25 (same survey). But set the two figures side by side and the picture is stark — four in five businesses give their staff no cyber training at all, in a country where half of businesses admit their people cannot confidently perform basic security tasks.
The same survey's attack and breach figures sit outside this page's scope: our UK data breach statistics page covers incident volumes and costs, our human error breach statistics page covers how much of the problem traces back to untrained staff, and our UK phishing statistics page covers the attack type training is most often aimed at.
Is AI changing the skills the industry needs?
53% of UK cyber sector businesses say their staff already use AI tools, and 65% expect their need for AI skills to increase over the next 12 months (DSIT labour market 2025, fieldwork 2024). What was an emerging theme a year earlier is now the sharpest edge of the skills gap.
The ISC2 UK analysis makes the point bluntly: 42% of UK organisations named AI skills as their most urgent capability gap — the single most-cited missing skill in the 2025 study (UK analysis published May 2026). For the other side of the same coin — what AI adoption is doing to data protection and privacy compliance — see our AI and data privacy statistics page.
How big is the skills gap in government itself?
The state struggles to staff the roles it says the country depends on. One in three central-government cyber security roles was vacant or filled by temporary contingent labour in 2023-24, the National Audit Office found in its Government cyber resilience report (published January 2025). At the most specialist end the reliance on temps is extreme: 70% of the specialist security architects in post were temporary staff.
Pay is the obvious pressure: a £55,000 median advertised cyber salary (2024 postings) is difficult for civil service pay scales to match, and government is competing for the same scarce specialists as every other employer in this page's numbers. The NAO figures are a useful corrective to the idea that the skills gap is only a private-sector problem.
Frequently asked questions
How many people work in cyber security in the UK?
Approximately 143,000 people worked in the UK cyber security workforce in 2024 (DSIT labour market 2025, published February 2026). The dedicated cyber security sector — firms selling cyber products and services — employed 69,589 full-time equivalents across 2,603 firms in the 2026 Sectoral Analysis.
How big is the UK cyber security skills shortage?
The annual shortfall was estimated at 3,800 people in 2024, down from 11,100 in 2023. Inside organisations the gap is wider: 49% of UK businesses have a basic cyber skills gap and 30% an advanced one, and 95% of UK organisations in the ISC2 2025 study reported at least one skills gap.
What percentage of the UK cyber workforce is female?
17%, according to DSIT's Cyber security skills in the UK labour market 2025 report — compared with 30% of the wider digital workforce and 48% of the whole UK workforce.
What is the median cyber security salary in the UK?
£55,000 for a core cyber security role, based on 2024 job postings — 12% above the wider IT labour market median of £48,900 (DSIT labour market 2025).
Are UK cyber security jobs growing or shrinking?
Growing, but more slowly. The workforce grew 5% in 2024 and sector employment rose 3% into the 2026 analysis — the slowest since 2018 — while job postings fell 33% in 2024 to an average of 2,698 per month. Employers are hiring less through adverts and drawing more on the graduate pipeline.
How many UK businesses train their staff in cyber security?
Only 19% of businesses ran cyber security training or awareness activities in the year before the 2025/26 Cyber Security Breaches Survey — 84% of large firms but just 14% of micro firms. Charities fell to 17%.
Related guides
- Phishing Statistics UK: Attack Volumes & Trends
- Data Breach Statistics UK: ICO Reports, Trends & Costs
- Human Error Data Breach Statistics: What the ICO Data Shows
- AI and Data Privacy Statistics UK
- GDPR data breach: what to do in the first 72 hours
- What is GDPR? A UK guide to the General Data Protection Regulation
Sources & references
- DSIT — Cyber security skills in the UK labour market 2025 (published February 2026)
- DSIT — Cyber security sectoral analysis 2026 (published May 2026)
- DSIT and Home Office — Cyber Security Breaches Survey 2025/2026 (published April 2026)
- ISC2 — Cybersecurity Workforce Study 2025, UK analysis (May 2026)
- National Audit Office — Government cyber resilience (January 2025)
- NCSC — Annual Review 2025: CyberFirst (October 2025)
- CIISec — The State of the Security Profession 2025
- Infosecurity Magazine — coverage of the CIISec 2025 member survey (September 2025)
Half of UK businesses lack basic cyber and data-handling skills — close your own gap with CPD-accredited training your whole team can finish in about 90 minutes.
Explore the GDPR & Data Protection Course →