We often talk about the skills gap in cyber security — and yes, there is one. But what we’re really seeing right now is a recruitment squeeze across multiple dimensions.

Entry-level opportunities are fewer than you might think

New graduates are eager to get into cyber, yet many organisations are offering few dedicated graduate roles. The focus is heavily on mid-level talent (2-6 years’ experience). For example the Department for Science, Innovation and Technology (DSIT)-led UK analysis shows that 63% of “core cyber” job adverts require 2-6 years’ experience, while only 17% seek candidates with less than one year’s experience. (GOV.UK)
For a graduate or someone with 0-1 years’ experience this means it’s a tougher in-road than many expect.

Senior Cyber Security Managers / CISOs are staying put

With many senior professionals in stable roles, companies are competing heavily for mid-level professionals who have a few years under their belt and can “hit the ground running”.
What companies are really looking for is “2-8 years’ experienced candidates” — not so much fresh out of university but not yet a ten-plus year veteran.

High-profile attacks are shining the spotlight on cyber

Organisations are under pressure. A few examples:

• Jaguar Land Rover (JLR) experienced a major cyber-attack in 2025 that shut down production lines globally. (ITVX)
• Marks & Spencer (M&S) was also hit by cyber-incident disruption earlier this year. (The National)

These events mean cyber security isn’t a “nice to have” anymore — it’s mission-critical.
For job seekers, that’s good news: organisations are prepared to prioritise cyber roles, invest in capability building, and recognise the risk.

Training budgets are under strain

Despite the heightened importance of cyber security, many businesses are tightening their belts when it comes to training and professional development.
When training budgets shrink, it becomes harder to develop talent internally (especially at the junior levels) and also harder to retain staff who expect growth, learning and progression.

HR & Talent teams are stretched

With many applications flowing in (and many roles requiring specific skill-sets), HR and Talent Acquisition teams are under pressure — sifting resumes, trying to assess cyber-skills (often technical), and balancing urgency with quality.
The result: hiring can still be slow or imprecise, and candidates may feel “lost in the queue”.

 So — what does this mean for job-hunters and recruiters?

• For graduates and entry-level candidates: don’t wait for the perfect “0-1 year cyber role” to land. Consider taking on roles that build transferable experience (IT support, network operations, SOC junior roles) and ensure you highlight technical aptitude + soft skills.
• For mid-level professionals (2-8 years): you’re in demand. Organisations are looking for those who can bridge the gap — not recent grads and not senior / management — but those with a few years of relevant experience.
• For hiring teams: look beyond the fixed years of experience. Consider how you build pipelines of junior talent (even if current roles focus mid-level), invest in training/paths, and accelerate your processes to capture the talent you identify.

If you are looking to grow your Cyber Security team, give one of our Cyber Security recruitment experts a call and lets build the best strategy for you.