GCHQ ‘3 times more likely’ to lose cyber security skills than private sector

The UK's communications spying centre can't compete with high salaries offered by industry
  • Anh Nguyen (Computerworld UK)
  • — 18 July, 2012 07:12

GCHQ's difficulty in retaining the IT skills needed to respond to the cyber security threat is a real and growing concern, according to a report from the UK's Intelligence and Security Committee (ISC), a group of senior parliamentarians appointed by the Prime Minister.

Last year, the ISC recommended that GCHQ explore ways to improve the situation, including a bonus system for specialist skills, and the UK communications spying centre confirmed that it had adopted such a system in January, in a bid to stop staff leaving for large technology companies such as Google.

Despite this initiative, however, in its 2011-12 annual report, the ISC said: "This year we were told that the situation had deteriorated and that GCHQ was 'losing critical staff with high end cyber technology skills at up to three times the rate of the corporate average, 3.4 percent.

"The [GCHQ] director thought this problem was likely to increase in the coming years."

GCHQ blamed the problem on the growing market for cyber security experts, and the government's inability to match the higher salaries and better benefits offered by the private sector. This has led to the government agency training staff, who were then recruited by the private sector.

It has therefore suggested a new employment model, whereby GCHQ recruits and trains staff with the expectation that they will eventually join industry.

"If they're working with some of those companies that we work closely with, perhaps there is a benefit that we can get from them," said the GCHQ director, Iain Lobban.

The ISC has asked GCHQ to identify options for new employment packages, which will be discussed with the Cabinet Office and HM Treasury, to address the skills problem.

"GCHQ's continuing difficulties retaining internet specialists is a matter of grave concern," the committee said.

"We expect to see a package agreed and implemented before the start of the 2013/14 financial year."

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Imprivata OneSign®

Get identity and password proliferation under control, reduce helpdesk costs and extend secure, single sign-on access to any enterprise application with a single solution.

more »

Submit your own security event

Submit your training courses

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

Read More
more »