Demand for cybersecurity training across UK businesses has surged following a wave of cyberattacks on major firms and public bodies, as employers scramble to strengthen defences ahead of new government rules.
The rise in attacks, including one that crippled Jaguar Land Rover’s operations earlier this year, has coincided with a sharp rise in firms seeking cybersecurity compliance training, according to new figures from Skillcast.
The training provider reported that visits to its cybersecurity compliance training page have tripled this autumn, with a 300 per cent rise in new users and downloads up fivefold since the JLR breach.
This has been described as the most economically damaging cyber event in UK history, which has cost the carmaker an estimated £1.9bn.
Skillcast chief executive Vivek Dodd said the trend marks “a major shift in awareness and behaviour” among British firms.
“Businesses increasingly understand that cybersecurity isn’t just an IT issue but a leadership and culture issue”, he said. “No organisation today can afford to see cybersecurity as someone else’s problem.”
Skills gap meets rising threat
The boom in training demand highlights a long-standing problem in the UK’s shortage of skilled cyber professionals.
Industry leaders have warned that fragmented training routes are leaving companies dangerously exposed as they accelerate digital transformation.
A white paper published by the All-Party Parliamentary Group on cyber innovation earlier this year actually warned that the UK’s cyber skills system was “outdated and fragmented”, arguing that “we won’t secure a 21st century digital economy with a 20th century skills pipeline”.
Dr Ismini Vasileiou, co-chair of the UK Cyber Cluster Collaboration, said: “There’s currently a mismatch between government ambition and educational reality. SMEs, in particular, are increasingly exposed as they race to meet modern digital expectations without the workforce to match.”
The report called for a national task force to align cyber education, recruitment, and accreditation across the economy.
It follows years of concern from universities and employers that training frameworks have failed to keep up with the rapid evolution of threats and tech.
Meanwhile, Skillcast’s own research shows that technology, manufacturing, and energy and utilities are among the sectors with the weakest cybersecurity implementation rates, averaging just 34 per cent despite being among those most at risk.
Labour ramps up cyber reforms
The government has now introduced its long-awaited cyber security and resilience bill, promising a ‘step change’ in how the UK protects critical services.
The new law will extend regulation to cover more digital infrastructure and key suppliers, requiring companies to report major incidents within 24 hours, meet minimum security standards, and maintain response plans.
Science, innovation and technology secretary Liz Kendall said the reforms would mean “fewer cancelled NHS appointments, less disruption to local services and businesses, and a faster national response when threats emerge.”
The bill follows a string of serious incidents, including the attack on NHS contractor Synnovis, which resulted in more than 11,000 cancelled appointments and losses of over £30m.
Industry figures broadly welcomed the move but warned that enforcement will be crucial.
Kristina Holt, managing associate at Foot Anstey, said: “The introduction of this bill is by no means a guarantee of security or certainty. Its impact will depend on whether significant resource is actually allocated for its enforcement.”
An evolving, costly threat
The National Cyber Security Centre (NCSC) recorded more than 200 nationally significant attacks in the past year, and government data suggest that major breaches now cost the UK economy nearly £15bn annually, which is around 0.5 per cent of GDP.
Recent attacks on Marks and Spencer and Jaguar Land Rover have highlighted the vulnerability of supply chains, which can ripple across the economy, damaging confidence and trust.
Meanwhile, in the West Midlands, where JLR is headquartered, business confidence has now fallen to the second-lowest level in the UK, according to regional figures.
Dodd said the JLR breach marked a turning point: ‘When production systems are brought to a standstill, the consequences extend far beyond IT. It disrupted a global supply chain, put jobs at risk and eroded confidence”.
“Companies need to move from passive compliance to active resilience, embedding cybersecurity awareness into everyday operations.”