National Audit Office warns UK needs more skilled cyber-crime fighters
A lack of skilled workers is hampering the UK's fight against cyber crime, the National Audit Office (NAO) has warned.
The spending watchdog had heard from experts who believe it could take "up to 20 years to address the skills gap", it said in a report.
But progress has been made in tackling cyber fraud, with more police resources and prosecutions aimed at catching cyber criminals, the NAO added.
The government said it was "investing heavily" in research and education.
The number of IT and cyber security professionals in the UK has not increased in line with the growth of the internet, the watchdog said.
Labour said the report highlighted the lack of support for "the next generation of British cyber security experts".
In 2011, ministers announced funding of £650m to implement the UK's Cyber Security Strategy, which set out the risks of the UK's growing reliance on cyber space.
The strategy identified criminals, terrorists, foreign intelligence services, foreign militaries and politically motivated "hacktivists" as potential enemies who might choose to attack vulnerabilities in British cyber-defences.
In a review of the strategy, the NAO said there had been an number of developments to help tackle cyber crime.
The internet economy in the UK accounts for more than £120bn - a higher proportion of GDP than any other G20 country, the NAO said.
But it warned that the cost of cyber crime is estimated to be between £18bn and £27bn a year.
Action Fraud, the UK's national fraud reporting centre, received 46,000 reports of cyber-enabled crime, amounting to £292m of attempted fraud, the report said.
And the Serious Organised Crime Agency had captured more than 2.3m compromised debit or credit cards since 2011, preventing a potential economic loss of over £500m.
New regional police cyber crime centres and a trebling of the size of the Police Central e-crime Unit had also helped boost the UK's capability to combat attacks, the watchdog said.
But the NAO warned that the UK faced a current and future cyber security skills gap, with "the current pipeline of graduates and practitioners" unable to meet demand.
Education officials interviewed by the NAO said it could take "up to 20 years to address the skills gap at all levels of education".
They raised concerns about a lack of promotion of science and technology subjects at school, leading to a low uptake of computer science and technology courses by university students.
Amyas Morse, head of the NAO, said: "The threat to cyber security is persistent and continually evolving. Business, government and the public must constantly be alert to the level of risk if they are to succeed in detecting and resisting the threat of cyber attack."
The NAO also raised concerns that the government had yet to say how it would demonstrate value for money for the multi-million pound cyber security fund.
"It is good that the government has articulated what success would look like at the end of the programme. It is crucial, in addition, that progress towards that point is in some form capable of being measured and value for money assessed," Mr Morse said.
The report identified other challenges faced by the government in implementing its strategy, including influencing industry to protect itself, increasing awareness amongst individuals and getting the government to be more agile and joined-up.
'Room for improvement'
The chair of the Public Accounts Committee, Margaret Hodge, welcomed the report, saying it showed the government needed to "work hand-in-glove" with businesses and individuals to build awareness about the threats of cyber crime.
"The use of the internet for commerce and communication is a force for good, but it also poses new and growing threats that government, businesses and individuals cannot ignore," she said.
"With around 80% of the internet in private hands, crossing international boundaries and spanning different jurisdictions, the government cannot approach internet security in isolation. Having a robust and well thought-through strategy is crucial if the government is to respond effectively to cyber threats."
A Cabinet Office spokeswoman said the UK was "on a stronger footing" in tackling the challenges of cyber crime than a year ago.
She said: "We agree that skills are crucial to cyber security which is why we are investing heavily in research and education through establishing new centres for excellence in cyber security research, cyber security skills among the police forces, centres of doctoral training in cyber security and supporting initiatives such as the cyber security challenge which uses innovative approaches to recruiting new talent into the cyber security sector."
For Labour, Chi Onwurah said: "There is some welcome progress in this report, but as the NAO make clear, there is significant room for improvement in leadership and coordination.
"Cyber security is a significant opportunity as well as a threat to our future defence and economic prosperity, and ministers need to ensure that we have the skills we will need 10 years down the line."