The UK is facing a prolonged skills crisis for security professionals because businesses have ignored the need for established career paths, according to Ernst & Young.
The number of graduates interested in a career in cyber security has plummeted over the past decade, Mark Brown, director of information security at Ernst & Young told V3.
"If you go back to 1998 there were 32,000 graduates a year in computing, maths, engineering, the traditional entry points for a career in information security," Brown said.
"By 2010 that figure was reduced to 7,000 people, a 70 percent drop on graduates entering the industry."
Brown said the lack of interest is largely due to the way businesses have marginalised cyber security, seeing it as something to be outsourced to another company rather than dealt with internally.
"People don't see information security as a career point, why is that? Offshoring. Since the mid-90s a lot of the work information security is doing has been outsourced to companies like IBM. That results in a derogation of interest in the skill set, as people don't recognise it as a career," said Brown.
"What we now need to do as a nation is to readdress that skill perception. It's going to take 10 to 20 years to repair the skills perception, right through from 10 year olds at schools."
The warning of a 20 year wait for enough security professionals was recently outlined by the National Audit Office (NAO) in a report into the government's Cyber Strategy.