Cyber security

How the cyber skills gap affects not-for-profits and what you can do about it

31 January 2023
Here we explore the current cyber skills gap, and how it's affecting the not-for-profit industry.

What is the cyber skills gap?

In the UK alone, 697,000 businesses have a basic cyber security skills gap, putting their cyber security and business at risk. Unfortunately, this global shortage also extends to the not-for-profit sector and according to recent UK government research, many are behind on cyber skills when compared to other industries, further putting them at risk.

The cyber skills gap refers to the shortage of professionals with the necessary knowledge and skills to protect organisations from cyber attacks and breaches. With 51% of all UK businesses having a basic cyber security skills gap, it is more challenging than ever to deliver this all-important protection.

What is causing the cyber skills gap?

The cyber skills gap could be caused by several factors, such as:

1. Fast technological change

The rapid pace of technological change is widening the skills gap. Cyber security is a field that is constantly evolving, with hackers being extremely opportunistic - trying to stay one step ahead of their target. 

It can be extremely difficult for organisations to keep up-to-date with the threats they are at risk of. As new technologies emerge, so do new threats, making it increasingly challenging for people to keep their knowledge and skills up to scratch and protect their organisation. 

3.5mill unfilled cyber sec jobs2. Unfulfilled vacancies

The demand for cyber security experts is growing, but the supply is not keeping pace. According to a recent Cyber security Ventures Research Group study, there will be a huge 3.5 million unfilled cyber security jobs globally by 2025. Very few universities and colleges offer cyber security courses, resulting in a lack of diversity and volume of graduates needed to fill these vacancies.

3. Not viewed as a critical risk

In addition to the shortage of qualified professionals, there can be a lack of the understanding of the importance of cyber security. Many establishments still see cyber security as an IT issue, not a business risk; this couldn’t be further from the truth. This perspective of cyber security can lead to a lack of investment and a lack of emphasis on hiring the qualified professionals needed.

4. Lack of confidence

Across eight major cyber security factors, from detecting and removing malware to controlling who has admin rights, research suggests NFPs feel less confident in their cyber security knowledge by an average of 16%. This can leave NFP organisations more vulnerable to cyber attacks, data breaches, and other cyber threats when compared to other industries.

Extent to which businesses are confident in performing basic cyber security tasks (where such tasks are not outsourced)

Extent to which businesses are confident in performing cyber security tasks


How the cyber skills gap could affect your not-for-profit organisation

NFPs are particularly vulnerable to the impacts of the cyber skills gap and this is reflected in the number of reported attacks with ‘30% of UK charities reporting a cyber attack in the last 12 months.’ Limited resources, or smaller IT teams can make it more difficult to address cyber security risks.

30 charities reporting a cyber attackAs a NFP, a lack of awareness of cyber security risks can be a significant concern. Whenever the necessary policies and procedures to manage cyber security risks aren’t in place there is the potential for danger. 

However, when resources such as time and funds are limited, cyber security may not be at the top of your list of priorities. Just under a quarter of NFPs are reported to have a formal cyber security policy in place, with only 55% citing cyber security as a priority in their organisation. It is likely that the cyber skills gap is creating this disparity in priority and cyber security planning. 

Remote working

You may have people working remotely, making it more challenging to protect your organisation’s networks and data. ‘Home workers are the primary target of criminals as cyber attacks have risen 238% in volume since the beginning of the pandemic.’ Remote workers don’t have the same level of security protection as those working in an office. Security policies put in place before 2020 may now be 
out of date, as they may not cover hybrid and remote working. If cyber security has been pushed down the priority list, you may have struggled to update your security policies, leaving an increased risk of cyber attacks and data breaches.

Risk factors in remote work environments

Risk factors in remote work environment

Human error

People are at the core of any not-for-profit organisation; staff, volunteers, donors and more. Unfortunately working with people, in any business, presents a cyber security risk. ‘82% of all breaches occur due to a human error or human element’. Hackers are opportunistic and use all people within an organisation to their advantage. Of the NFPs that reported a cyber attack in the last 12 months, 87% of these reported phishing attempts - where attackers try to trick users into revealing sensitive information or downloading malware. With there being a global skills gap in cyber security, it’s vital to educate your team to understand how their actions impact the protection of your organisation. 

Average data breach costingThe cost of cyber security

Budget constraints and high cost of investment can make it more difficult for your not-for-profit to invest in cyber security technology 
and hire specialist staff in house. Unfortunately, the cost of a cyber attack can often be much higher than the cost of implementing cyber security measures with the average data breach costing $4.35 million in 2022.

Sensitive information

One of the reasons why cyber attacks on NFPs can be particularly damaging is that they can harm the very communities that your NFP exists to serve. Your organisation holds sensitive information about your stakeholders and donors, and a breach can severely compromise this data. This can damage the trust between you and your stakeholders and make it difficult for you to progress with your mission.

Your reputation 

Your NFP mission is of the utmost importance and efforts taken to protect the publicity of the mission should also be considered. It’s imperative that you protect your organisation from breaches in order to keep the relationship you have with your donors and stakeholders, despite the cyber skills gap presenting a challenge. 

Slow response time

Without the necessary cyber security staff and knowledge, you may not be able to respond to cyber incidents as quickly and effectively as you would like to. This can lead to disruptions in usual operations, resulting in a loss of revenue and resources. Moreover, a lack of cyber security expertise can prevent you from identifying new opportunities for growth and innovation in the digital space.

Your purpose

Unfortunately, NFPs can be a target for cybercriminals due to their cause. As a not-for-profit, you’re more likely to have access to sensitive information that can be used for ransom or other illicit activities. You are also responsible for protecting the data of your stakeholders and donors - and malicious actors are usually after these very things. Overall, the cyber skills gap can have far-reaching and severe consequences for NFPs, and you must take steps to address it to protect yourselves and your organisation. This is essential to continue your mission and raise funds. 

Strengthen your mission: Steps you can take

Filling the cyber skills gap is crucial for protecting your NFP from cyber breaches. If you’re looking for ways to address the skills gap and improve your cyber security knowledge, you have a few options:

Recruiting cyber specialists
One way to fill the cyber skills gap within your business is of course to recruit dedicated cyber specialists. Whilst the global cyber skills gap has inflated wages for these members of staff, it can be worth building a business case for extra budget to enable you to hire the right cyber specialist for your organisation. This will ensure that you have the necessary dedicated staff and knowledge to protect your mission and safeguard the well-being of your business. 

Train team members
One of the most effective ways to combat the cyber skills gap is to train current team members. A robust in house training program can provide your team with the skills and knowledge needed to protect your organisation. A consideration should be made as to how frequently this training is made available due to the fast-paced nature of cyber security, as knowledge should be kept as up-to-date 
as possible to minimise risk.

Work with organisations who specialise in cyber security
Investing in cyber security technology and people can be extremely costly if you are to fully bring this in house. There can also be complexities and risks associated with managing your cyber security in house too. It may be more cost-effective and a faster solution, for you to seek support from an outsourced provider who specialise in fully managed cyber security solutions (MSP), particularly as cyber criminals become more advanced, demanding more time and resources to protect your NFP organisation.

Working with an MSP can be beneficial in many ways:

Working with an MSP



The cyber skills gap is a challenge that all organisations, and NFPs are facing. Despite being of growing concern, it presents an opportunity to strengthen your mission and there are clear steps that you can take to tackle this global shortage of skills. By taking the necessary steps to address the cyber security skills gap, you can ensure that you have the right staff and knowledge to protect your mission and safeguard the well-being of your stakeholders, and those your not-for-profit organisation is there to serve.

About Bluecube

Bluecube is a managed service provider specialising in cyber security prevention and recovery. We work with a range of not-for-profit organisations to protect and strengthen their mission. We tailor each cyber security prevention solution to the nuances of every business we work with, as we understand that every organisation is different.

Contact us today to discuss how we can help your NFP organisation improve its cyber security and protect its mission.