Last week, I received a call from my credit card provider: “Hello Mr Lane, I’m calling from the security department at [Credit Card Company]. Before I can explain why I’m calling, I need to verify your identity.” 

I paused, then replied: “No thanks, I’ll call you back.” 

It’s a situation most of us recognise. Whether it’s your GP, your bank, or your phone company, they call you – and then expect you to prove who you are. It’s become a routine part of modern life, yet it reveals one of our biggest vulnerabilities. 

The recent cyberattacks on Marks & Spencer, the Co-operative Group, and Harrods highlight just how easily these everyday interactions can be exploited. Social engineering – where attackers manipulate people into revealing confidential information – played a key role. And it’s working.  

So well, in fact, that the UK’s National Cyber Security Centre (NCSC) has warned retailers and other sectors to remain vigilant, particularly as attackers are now impersonating IT help desks to gain access to sensitive systems. 

The reality is this: no matter how sophisticated an organisation’s firewalls and defences might be, they’re only as strong as the people who use them. And right now, we don’t have enough people with the right skills to keep up. 

According to the World Economic Forum’s 2023 Future of Jobs Report, demand for cybersecurity professionals is outpacing supply, with over 4 million roles unfilled globally. Nearly 70% of security leaders say the skills shortage is putting their organisations at greater risk, and more than half report difficulty in hiring or retaining talent.  

By 2030, the WEF estimates that 60% of the global workforce will need reskilling or upskilling to keep pace with changes driven by technology, automation, and artificial intelligence. 

This is not a distant challenge. It’s already here – and growing. At NCFE, we recognise this as both a risk and an opportunity. We offer qualifications in cyber security at Level 2 and Level 3 and data at Level 2 and Level 3 which are designed to align with employer and industry needs and build more than just technical ability. They help learners develop the real-world thinking, resilience and confidence needed to tackle the kinds of threats we’re seeing right now. 

As the threat evolves, so do our qualifications. Three brand new reform qualifications are also launching on 1 August 2025 and have been developed in close partnership with employers from the outset to meet the practical demands of today’s digital workforce. You can find out more about our approach to post-16 reforms and employer collaboration here. 

Working closely with industry leaders, we have built a pathway for those wanting to enter the cyber sector. This caters for those wanting a solid understanding of what risks might look like and how to defend against them, through to those wanting to carve out a dedicated career in this growing market and need a higher technical qualification. 

We need people in every sector – not just in tech companies – who understand how to protect data, spot phishing attempts, and resist manipulation. From retail to education, healthcare to finance, organisations are only as secure as their people. 

Cybersecurity is no longer a niche career path. It’s a core skill for the modern workplace, as fundamental as digital literacy or critical thinking. A qualification in this field can open doors to a wide range of roles and offer long-term career stability in a fast-evolving job market. 

The message is clear: if we don’t act now to close the skills gap, the threats will keep coming – and they’ll keep succeeding. But if we invest in the right training, empower people to spot and stop attacks, and work together across sectors, we can turn this risk into resilience. 

The future is digital. Let’s make sure it’s secure.