The challenge of cyber security often starts with more questions than answers. When thinking about it from a regional perspective, interesting points to consider are how well served we are in terms of related skills and expertise, and what organisations in the region ought to be doing to protect themselves.
In this article, Professor Steven Furnell and Gabriele Zatterin explore the cyber security landscape across the region and ask the question, ‘Are we cyber active in the Midlands?’
A previous article has highlighted the need for organisations in the West Midlands to achieve a basic level of cyber security. This need is, of course, equally applicable to those in the East Midlands as well and leads to the question of how to ensure that this level is reached. The ability to address cyber security tends to assume that organisations have – or have access to – the skills to do so, and so this raises the further question of whether the Midlands has an active cyber security presence and community to draw upon. Encouragingly, the evidence suggests that the answer is a rather positive one.
It does not take long to realise that there are a variety of players actively representing cyber security issues across the Midlands. For example, the Chartered Institute of Information Security (CIISec) has Community Hubs in both regions, there is Midlands Cyber (a Cyber Security Cluster in the West Midlands, with discussions currently in progress around creating a cluster to serve the East Midlands), and we have Cyber Resilience Centres for both East and West Midlands providing related guidance and support to organisations in the region. And of course, the Midlands – specifically Birmingham – was selected as the venue for launching the National Cyber Strategy in December 2021. As a result of this, Innovation Alliance West Midlands created a cyber working group in the region to increase collaborative working.
Taken collectively, the Midlands region has the largest number of active cyber sector offices outside of London and the South East (345 in total, with 196 of them in the West Midlands). Figure 1 merges the regional snapshots previously published in the Cyber Security Sectoral Analysis 2022, and clearly suggests that cyber security has quite a presence across the region.
Figure 1 : Concentrations of cyber sector firms in the Midlands regions
The Cyber Security Sectoral Analysis 2022 indicated that the Midlands collectively accounts for 10% of the cyber sector-based employment, as well as just over 10% of the advertised job vacancies for core cyber security roles. In both cases, there is a roughly two-thirds skew towards the West Midlands, but this can be set against the following commentary from the DCMS Cyber security skills in the UK labour market 2022 study that potentially explains the lesser representation in the East Midlands: “In locations such as Wales and the East Midlands, there are a small number of very large firms that dominate the local cyber security labour market … These larger firms often have a wider range of recruitment approaches and may not always post job adverts online. The Burning Glass Technologies dataset only accounts for online job postings, so may therefore underrepresent these types of employers” (noting for context that the Burning Glass dataset is the source of the vacancy information being reported).
There are some areas in which the region compares less favourably than the national picture. For example, as shown in Figure 2, both parts of the region are below the UK average in terms of salary (although this is perhaps unsurprising given that the national figure is skewed by London), with an average cyber salary of £53,200 (median £47,700) and so just over 10% lower than the UK average. However, there is also notable difference between East and West regions. Also notable is that the average salary in the West Midlands has seen a 4.5% increase since the 2021 results, whereas East Midlands has fallen by 3.3%. At the same time, from the inward investment perspective, the salary levels should not necessarily be seen as a negative, as they serve to make cities such as Birmingham, Derby and Nottingham fairly competitive on salaries, living standards, office costs and the like.
Figure 2 : Average salaries for cyber sector workers
The Midlands is also very well represented in terms of education and training providers. Most, if not all, of the universities in the region have something to offer in terms of cyber security education and related activities and expertise. For example, we have several universities in the region offering Masters degrees certified by the National Cyber Security Centre, with examples being the MSc Cyber Security at the University of Birmingham, De Montfort University having both MSc Cyber Security and MSc Cyber Technology, and the University of Nottingham with MSc Cyber Physical Systems. There are also numerous offerings to choose from at the undergraduate level, both in terms of specialist cyber security degrees and wider computing degrees that incorporate cyber security coverage (albeit with University of Warwick being our only regional player offering an NCSC-certified BSc Cyber Security at the time of writing). Looking beyond the academic offerings, the region offers numerous opportunities to engage in cyber security related training, be it from the perspective of general awareness raising though the pursuit of professional certifications for cyber practitioners.
The Department for Digital, Culture, Media & Sport (DCMS) is strengthening and growing the cyber ecosystems through funding a number of national initiatives:
● The UK Cyber Cluster Collaboration (UKC3) acts as a focal point for clusters across the UK, providing an overarching operating framework to create a support network and foster collaboration. It provides clusters, such as Midland Cyber, with a clear route to funding and accreditation, as well as a network for knowledge sharing and increased participation across all regions of the UK.
● Cyber Runway is the UK’s largest accelerator for UK cyber companies. Split into three streams (Launch for start-ups, Grow for SMEs, and Scale for scale ups) it provides business skills, mentoring, connections and product development to cyber companies so they can increase their revenue, investment and size. As well as focusing on business growth Cyber Runway aims to support diversity in the cyber sector, with a focus on businesses led by women and people from an ethnic minority background, as well as businesses based outside of London and the South East.
● The CyberASAP programme supports the commercialisation of UK research into cyber security and helps academic researchers to turn ideas into fully rolled-out commercial projects by developing the academics’ entrepreneurial skills. In doing this, it recognises the barriers that academics face when commercialising research, including the lack of dedicated time available to research the market and to validate potential products. The programme has supported a number of Midlands based academics since it launched, from universities including Birmingham City, Coventry, De Montfort, Northampton, Nottingham, Warwick, and Wolverhampton.
● Cyber Explorers is a new national initiative designed to inspire 11-14 year-olds across the UK to pursue interests and subject choices that could take them towards a cyber security career. It aims to support teachers by complementing the school curriculum and to further students’ independent learning. The initiative focuses on improving the career prospects and diversity of students that may be open to exploring a pathway to a potential cyber security career through the education system. Backed by HM Government, Cyber Explorers is delivered by DCMS and complements the existing CyberFirst programme of activities, which is led by the National Cyber Security Centre.
As part of the National Cyber Strategy in relation to the ecosystem pillar, DCMS’ senior cyber policy lead operates across the Midlands and focuses on growth, innovation and skills. And already the region has benefited from closer coordination and partnership through both national and bespoke schemes. These have included:
● Raising awareness of cyber for young people through cyber community sessions;
● Support to sole/SME ethnic minority businesses to increase cyber resilience and their understanding of threat;
● Piloting a new network in the Midlands called Ethnic Minorities in Cyber.
Of course, some aspects don’t depend upon where we live and work. The potential to be affected by a cyber incident is essentially the same for organisations in the Midlands as it is for those elsewhere across the UK (the Cyber Security Breaches Survey 2022 tells us that 39% of businesses identified an attack in the last year). The same goes for protecting ourselves – organisations in the region should be looking toward the same safeguards as those in the national context. If you are wondering where to look, then a very good starting point is the NCSC’s website, including the Cyber Aware campaign (offering basic advice for individuals and small businesses), Cyber Essentials (a scheme to help organisations adopt key safeguards against cyber attacks), and the 10 Steps to Cyber Security (setting out a comprehensive approach to cyber security, particularly for medium and large organisations). Making use of the resources is the best way to ensure protection, and if you need help to do so then there is expertise in the region to support you in doing so.
The authors would like to thank Sam Donaldson from Perspective Economics for the additional input in relation to data and interpretation from the Sectoral Analysis.
About our authors:
Steven Furnell is Professor of Cyber Security at the University of Nottingham, a Board member of the Chartered Institute of Information Security, and the Cyber Security Lead in the Centre for the New Midlands. His interests include security management and culture, usability of security and privacy, and technologies for user authentication and intrusion detection. He has authored over 350 papers in refereed international journals and conference proceedings, as well as various books, book chapters, and industry reports.
Gabriele Zatterin is a senior researcher in the Ipsos’ Public Affairs team. He has been managing the annual UK cyber security labour market study for the UK Department for Digital, Culture, Media and Sport (DCMS) since April 2021. As part of this, he was heavily involved with the managing, analysis and reporting of the most recent labour market study, published in May 2022.