Government statement on the adoption of UK Cyber Security Council standards

The government have published a statement on the adoption of UK Cyber Security Council standards as part of its approach to embed cyber skills across the cyber workforce by 2025. The statement outlines the government’s commitment to maintain a clear and consistent career framework by working collaboratively with stakeholders across the cyber landscape. The statement includes commitments from regulators and industry, through the Cyber Growth Partnership.

Cyber attacks on public institutions, coupled with a heightened awareness of the intent and capabilities of malicious state actors, serve as a reminder that cyber risks are increasing in terms of frequency, severity, and complexity. Without a first-class cyber security workforce, we cannot be resilient against current threats. It has been challenging for employers to understand whether they have the skills they need, and it has been equally difficult for people to demonstrate their own competence and to progress their careers. These problems are addressed in other professions, like engineering and audit, through standards and regulated professional titles. Cyber security should be no different.

The National Cyber Strategy clearly sets out the criticality of building cyber skills at a national level as a mechanism for achieving our goal of operating as a responsible and democratic cyber power. In support of this ambition, over the past few years, the UK government has supported the establishment of the UK Cyber Security Council underpinned by Royal Charter. The Council will define the professional standards for cyber security professionals operating in the UK. It will oversee the bodies licenced to assess against those standards and hold the register of cyber security practitioners in the UK. The Council will simplify today’s complex landscape of qualifications, providing clear pathways for practitioners and employers.

The establishment of the Council marks a significant shift. It allows organisations to reassure themselves of their own organisational capability, to recruit with greater clarity and to offer more structured development to retain the best. The Council’s professional standards and associated titles allow us to collectively raise the bar of cyber security competence, increasing the nation’s cyber resilience and clearly communicating what a career in cyber security looks like.

It is the responsibility of government, regulators, and industry to ensure professional titles are embedded across the cyber workforce. Acknowledging the nation’s cyber skills at every level will increase the UK’s ability to secure systems and respond to threats, so that it remains at the forefront of global cyber capability.