A Cyber Skills Shortage is Threatening UK Mid-market Defences

Threats are accelerating but the people and processes to counter them are lagging behind. The UK’s cyber workforce has grown to more than 67,000, yet critical capability gaps are opening in exactly the areas attackers are exploiting: AI, incident response, cloud security and identity. According to the UK Cyber Security Council, 90% of organisations report shortages in these roles, while government figures show half of UK businesses cannot manage basic firewall set-up or breach detection. 

These are not optional skills. Without them, attacks slip through undetected, incidents drag on for days instead of hours and misconfigurations leave the door wide open. 

Where the cracks show 

Recruitment alone will not close the gap. Vacancies already run into the thousands, and even when filled, new hires take months to get up to speed. Attackers move faster and the consequences are visible in the day-to-day reality for mid-market teams.  

Incidents take longer to investigate and contain, leaving attackers with more time inside systems. Misconfigurations remain unresolved because no one has the capacity or expertise to fix them. Analysts are swamped by a tide of alerts they cannot triage, which means real threats risk being overlooked. In today’s interconnected supply chains, a single weakness does not just endanger the business itself but quickly cascades to partners, customers and regulators. 

Making people part of the defence 

The organisations coping best are not simply throwing headcount at the issue, they are changing culture. As Dan Burborough, Head of IT Security at Hollywood Bowl, told me: “Security sticks when it’s simple. We don’t wait for an annual test. We drip-feed training, reward people for spotting threats and make it part of the culture, not a compliance chore.” 

Culture change matters because it spreads resilience beyond the IT team. When non-specialists are trained to spot phishing, question unusual requests and follow incident playbooks, it creates thousands of “human sensors” across the organisation. Research by the UK’s Department for Science, Innovation and Technology (DSIT) found that firms investing in staff awareness programmes report faster identification of attacks and a lower overall cost of incidents. In other words, awareness is not just an HR initiative but a frontline defence.  

Protecting the perimeter 

The perimeter has shifted, too. Remote work and personal devices mean that vulnerabilities at home can be as damaging as those in the office. William Wilson, Head of Threat Protection and Governance at Altum Group, explained: “We run tailored training programmes to help staff keep safe beyond the workplace. Cultural awareness is just as important as technical controls if you want to keep identities secure.” 

The rise of hybrid work underscores his point. A 2024 government survey showed that 62% of UK businesses now rely on staff regularly working from home, often on personal devices. Without robust identity management and training beyond the office walls, attackers can exploit weak home setups as easily as corporate misconfigurations. The new perimeter is everywhere your people are. 

Watch this 25-second video where Wilson discusses how the Altum Group mitigates threat actors.

Extending capability through technology and partners 

If specialist skills are scarce, the answer is not to stand still but to extend your reach. Managed services can provide access to incident responders, threat hunters and cloud specialists on demand, giving teams breathing room when the pressure spikes. Industry research suggests that UK organisations using managed security services reduce their mean time to detect incidents by nearly 30% compared to those relying solely on in-house teams. 

Automation also plays a critical role. Well-designed playbooks can filter the noise by quarantining devices, enforcing conditional access or escalating only genuine threats to analysts. That reduces alert fatigue, shortens dwell time and frees your experts to focus where their judgement is needed most.  

Done well, automation is not about replacing people but multiplying what they can achieve. 

Closing the gap before it widens 

The skills shortage is not just a recruitment headache, it is an operational risk. It slows down response, leaves vulnerabilities unpatched and weakens the resilience of entire supply chains. The solution lies in culture, automation and trusted partners who can bridge the gap in real time. 

The threat is not just the attack you cannot prevent. It is the one you cannot respond to because the capacity is not there. Mid-market firms that treat this shortage as a driver for change, rather than a waiting game for recruitment, will be the ones that stay resilient. Because when capability grows faster than risk, a shortage of skills never has to mean a shortage of security. 

Want help closing your cyber skills gap? Book a demo today.